Unrated severity · NVD Advisory · Published Nov 18, 2024 · Updated Nov 21, 2024
Autolab has HTML Injection Vulnerability
CVE-2024-52585
Description
Autolab is a course management service that enables auto-graded programming assignments. Version 3.0.1 contains an HTML injection vulnerability that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. The patch can also be applied manually by editing line 589 of gradesheet.js.erb so that feedback is taken in as text rather than HTML.
Affected products: 2
Patches: 0 (No patches discovered yet.)
References (2)
- github.com/autolab/Autolab/commit/2429983b6caa245fea1b37f0dc236ccbcad9554c (mitre, x_refsource_MISC)
- github.com/autolab/Autolab/security/advisories/GHSA-8qhp-jhhw-45r2 (mitre, x_refsource_CONFIRM)