Markusproject

Markus

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-25962

  • EPSS 0.04%
  • Veröffentlicht 06.03.2026 02:48:43
  • Zuletzt bearbeitet 06.03.2026 04:16:07

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assign...

4.9

CVE-2026-27807

  • EPSS 0.04%
  • Veröffentlicht 06.03.2026 02:48:28
  • Zuletzt bearbeitet 06.03.2026 04:16:07

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parse...

8

CVE-2026-28405

  • EPSS 0.04%
  • Veröffentlicht 05.03.2026 20:06:13
  • Zuletzt bearbeitet 05.03.2026 21:16:21

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses/<:course_id>/assignments/<:assignment_id>/submissions/html_content route reads the contents of a student-submitted file and renders...

9.1

CVE-2026-25057

  • EPSS 0.1%
  • Veröffentlicht 09.02.2026 19:16:55
  • Zuletzt bearbeitet 19.02.2026 20:25:55

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses/<:course_id>/assignments/upload_config_files)...

6.5

CVE-2026-24900

  • EPSS 0.03%
  • Veröffentlicht 09.02.2026 18:39:52
  • Zuletzt bearbeitet 19.02.2026 20:08:14

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses/<:course_id>/assignments/<:assignment_id>/submissions/html_content accepted a select_file_id parameter to serve SubmissionFile objects cont...

8.8

CVE-2024-51499

  • EPSS 1.68%
  • Veröffentlicht 18.11.2024 20:15:05
  • Zuletzt bearbeitet 04.09.2025 17:25:38

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. ...

8.8

CVE-2024-51743

  • EPSS 3.83%
  • Veröffentlicht 18.11.2024 20:15:05
  • Zuletzt bearbeitet 04.09.2025 17:25:33

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arb...

3.5

CVE-2024-47820

  • EPSS 0.07%
  • Veröffentlicht 18.11.2024 17:15:11
  • Zuletzt bearbeitet 04.09.2025 17:25:41

MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file...