PT-2023-12419 · Unknown · Nyuccl Psiturk

Blaiserideout · Published 2023-01-28 · Updated 2024-05-17 · CVE-2021-4315

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NYUCCL psiTurk versions up to 3.2.0

Description

A critical issue has been found in NYUCCL psiTurk, affecting unspecified code in the file psiturk/experiment.py. Manipulation of the mode argument leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 addresses this issue.

Recommendations

For NYUCCL psiTurk versions up to 3.2.0, upgrade to version 3.2.1 to address the issue. As a temporary workaround, consider restricting manipulation of the mode argument in the affected file psiturk/experiment.py until the upgrade is applied.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2021-4315
GHSA-9MQ4-9556-6QXQ
PYSEC-2023-43

Affected Products

Nyuccl Psiturk