PT-2021-6526 · Bracket · Racket

Samth · Published 2021-07-19 · Updated 2021-07-29 · CVE-2021-32773

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Racket versions prior to 8.2

Description: The issue concerns code evaluated using the Racket sandbox, which could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow system functions to be controlled by the attacker, giving access to facilities intended to be restricted. A workaround is available, depending on system settings, such as using external sandboxing like containers to limit the impact. However, for multi-user evaluation systems, upgrading is required.

Recommendations: For versions prior to 8.2, upgrade to Racket version 8.2 to resolve the issue. As a temporary workaround for systems that provide arbitrary Racket evaluation, consider using external sandboxing such as containers to limit the impact of the problem. For multi-user evaluation systems, such as the handin-server system, upgrading to Racket version 8.2 is required, as it is not possible to work around this problem.

Fix

Weakness Enumeration

Related Identifiers

BDU:2022-01786
CVE-2021-32773
GHSA-CGRW-P7P7-937C

Affected Products

Racket