Bracket · Racket · CVE-2021-32773
**Name of the Vulnerable Software and Affected Versions**
Racket versions prior to 8.2
**Description**
The issue affects code evaluated using the Racket sandbox: such code could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow system functions to be controlled by the attacker, giving access to facilities intended to be restricted. Depending on system settings, a workaround is available, such as using external sandboxing (for example, containers) to limit the impact. However, for multi-user evaluation systems, upgrading is required.
**Recommendations**
For versions prior to 8.2, upgrade to Racket version 8.2 to resolve the issue.
As a temporary workaround for systems that provide arbitrary Racket evaluation, consider using external sandboxing such as containers to limit the impact of the problem.
For multi-user evaluation systems, such as the `handin-server` system, upgrading to Racket version 8.2 is required, as it is not possible to work around this problem.
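To find hosts that still need the upgrade, the installed version can be compared against 8.2. The script below is an added example, not part of the original advisory or the Racket project. It assumes the `Welcome to Racket v<version>` banner printed by `racket --version`; the sample banners and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Racket installation against the fixed release
# for CVE-2021-32773. Function names are hypothetical helpers.
FIXED_VERSION=8.2   # first fixed version, per the advisory

# Extract "8.1" from a banner such as "Welcome to Racket v8.1 [cs]."
# Older banners end right after the number ("v7.9."), so drop a trailing dot.
racket_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Welcome to Racket v\([0-9][0-9.]*\).*$/\1/p' |
        sed 's/\.$//'
}

# Return 0 when dotted version $1 is lower than $2. Components are compared
# as numbers, so 8.10 is newer than 8.2 and 8.1.0.6 is older than 8.2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # equal versions are not "lower"
}

# Print "vulnerable", "fixed" or "unknown" for one version banner.
classify_racket() {
    v=$(racket_version_from_banner "$1")
    if [ -z "$v" ]; then echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then echo vulnerable
    else echo fixed
    fi
}

# Constructed sample banners; the last one simulates a host without Racket.
for banner in 'Welcome to Racket v8.1 [cs].' 'Welcome to Racket v8.2 [cs].' \
              'Welcome to Racket v7.9.' 'racket: command not found'; do
    echo "$banner => $(classify_racket "$banner")"
done

# Check the local installation when Racket is on PATH.
if command -v racket >/dev/null 2>&1; then
    echo "local: $(classify_racket "$(racket --version)")"
fi
```

A result of `unknown` means the banner could not be parsed and the host should be checked by hand rather than treated as fixed.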