We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing line 589 on `gradesheet.js.erb` to take in feedback as text rather than html.
Reserved 2024-11-14 | Published 2024-11-18 | Updated 2024-11-21 | Assigner GitHub_MCWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
github.com/...utolab/security/advisories/GHSA-8qhp-jhhw-45r2
github.com/...ommit/2429983b6caa245fea1b37f0dc236ccbcad9554c
Support options