MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip file for an assignment submission and indicate its contents should be extracted.
This issue has been patched in version 2.9.4.
Attack Parameters
Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Privileges Required
Low
Нужны базовые права
User Interaction
None
Не нужно действие пользователя
Impact Assessment
Confidentiality
None
Нет утечки данных
Integrity
None
Нет модификации данных
Availability
High
Полный отказ в обслуживании
CVSS Vector v3.1