PT-2023-10219 · Gitlearn · Gitlearn
Avere001
·
Published
2023-01-13
·
Updated
2024-05-17
·
CVE-2015-10040
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
gitlearn (affected versions not specified)
Description
A vulnerability was found in the function
getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. This issue leads to injection and can be initiated remotely.Recommendations
Apply a patch to fix this issue. Specifically, it is recommended to apply the patch identified as 3faa5deaa509012069afe75cd03c21bda5050a64. As a temporary workaround, consider disabling the
getGrade/getOutOf function until a patch is available.Exploit
Fix
Improper Encoding or Escaping of Output
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gitlearn