CVE-2024-52585

low

Description

Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing line 589 on `gradesheet.js.erb` to take in feedback as text rather than html.

References

https://github.com/autolab/Autolab/security/advisories/GHSA-8qhp-jhhw-45r2

https://github.com/autolab/Autolab/commit/2429983b6caa245fea1b37f0dc236ccbcad9554c

Details

Source: Mitre, NVD

Published: 2024-11-18

Updated: 2025-01-21

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 1.2

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Severity: Low

EPSS

EPSS: 0.00051