Rizfol

**Name of the Vulnerable Software and Affected Versions** MarkUs versions prior to 2.9.4 **Description** MarkUs is a web application used for submitting and grading student assignments. Before version 2.9.4, the application extracted zip files without limitations on file size or the number of entries within the archive. This allowed instructors to upload zip files for assignment configurations and students to submit assignments as zip files, with the contents being extracted by the application. **Recommendations** Update to version 2.9.4 or later.

**Name of the Vulnerable Software and Affected Versions** MarkUs versions prior to 2.9.4 **Description** MarkUs is a web application used for submitting and grading student assignments. Versions of MarkUs before 2.9.4 allow course instructors to upload YAML files to create or update entities like assignment settings. The application parses these YAML files with aliases enabled, which can lead to issues. This issue was addressed in version 2.9.4. YAML aliases allow defining reusable parts within a YAML file, potentially leading to unintended consequences if not handled securely during parsing. **Recommendations** Update to version 2.9.4 or later.

**Name of the Vulnerable Software and Affected Versions** MarkUs versions prior to 2.9.1 **Description** MarkUs is a web application used for submitting and grading student assignments. Versions prior to 2.9.1 are susceptible to an issue where the application reads and renders the contents of student-submitted files without proper sanitization via the `courses/<:course id>/assignments/<:assignment id>/submissions/html content` route. The vulnerable route allows for the execution of arbitrary HTML content. The `course id` and `assignment id` are parameters used in the affected API endpoint. **Recommendations** Update to version 2.9.1 or later.

**Name of the Vulnerable Software and Affected Versions** MarkUs versions prior to 2.9.1 **Description** MarkUs is a web application used for submitting and grading student assignments. A flaw exists where the `select file id` parameter in the ''courses/<:course id>/assignments/<:assignment id>/submissions/html content'' endpoint was not properly restricted to the user making the request. This allowed users to access submission file contents by ID without authorization. The vulnerable parameter is `select file id`. **Recommendations** Upgrade to version 2.9.1 or later.

**Name of the Vulnerable Software and Affected Versions** MarkUs versions prior to 2.9.1 **Description** MarkUs is a web application used for submitting and grading student assignments. Prior to version 2.9.1, instructors could upload a zip file to create an assignment from an exported configuration via the `/courses/<:course id>/assignments/upload config files` API endpoint. The application does not properly validate the file names within the uploaded zip file before using them to create file paths, potentially allowing for malicious paths to be written to disk. **Recommendations** Update to version 2.9.1 or later.