ГлавнаяУязвимости → CVE-2026-25057
9.1критическая

CVE-2026-25057

Описание

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses/<:course_id>/assignments/upload_config_files). The uploaded zip file entry names are used to create paths to write files to disk without checking these paths. This vulnerability is fixed in 2.9.1.

Затрагиваемое ПО
Markusproject Markus
CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Источники
https://github.com/MarkUsProject/Markus/commit/0ca002a1f0071c7a00dbb2ed34fede57323c5dc7https://github.com/MarkUsProject/Markus/releases/tag/v2.9.1https://github.com/MarkUsProject/Markus/security/advisories/GHSA-mccg-p332-252h