Arbitrary file upload in MarkUsProject MarkUs
CVE-2024-51743
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors t…
Vulnerability class: Unrestricted File Upload
EPSS: 0.027 (86.2th percentile)
Affected products
- MarkUsProject MarkUs: versions < 2.4.8
References
- https://github.com/MarkUsProject/Markus/security/advisories/GHSA-hwgg-qvjx-572x (x_refsource_CONFIRM)
- https://github.com/MarkUsProject/Markus/pull/7026 (x_refsource_MISC)