PT-2023-12419 · Unknown · Nyuccl Psiturk

Blaiserideout

Published: 2023-01-28 · Updated: 2024-05-17

CVE-2021-4315

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NYUCCL psiTurk versions up to 3.2.0

Description

A critical issue has been found in NYUCCL psiTurk, affecting unspecified code in the file psiturk/experiment.py. Manipulation of the mode argument leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 addresses this issue.

Recommendations

For NYUCCL psiTurk versions up to 3.2.0, upgrade to version 3.2.1 to address the issue. As a temporary workaround until the upgrade is applied, consider restricting manipulation of the mode argument in the affected file psiturk/experiment.py.

Exploit

Fix

Code Injection

Weakness Enumeration

Related identifiers

CVE-2021-4315
GHSA-9MQ4-9556-6QXQ
PYSEC-2023-43

Affected products

Nyuccl Psiturk