CVE-2022-41955

Name of the Vulnerable Software and Affected Versions Autolab versions prior to 2.10.0

Description A remote code execution issue was discovered in Autolab's MOSS functionality, allowing an instructor with access to the feature to potentially execute code on the server hosting Autolab.

Recommendations For versions prior to 2.10.0, update to version 2.10.0 to resolve the issue. As a temporary workaround, consider disabling the MOSS feature by replacing the body of run moss in app/controllers/courses controller.rb with render(plain: "Feature disabled", status: :bad request) && return.