{"data":{"id":"ce7576ae-49c0-4e34-8ae7-2ec8210d28a4","title":"CVE-2023-32676: Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was fo","summary":"Autolab, a service that automatically grades programming assignments in courses, has a tar slip vulnerability (a flaw where extracted files can be placed outside their intended directory) in its assessment installation feature. An attacker with instructor permissions could upload a specially crafted tar file (a compressed archive format) with file paths like `../../../../tmp/tarslipped1.sh` to place files anywhere on the system when the form is submitted.","solution":"Upgrade to version 2.11.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-32676","publishedAt":"2023-05-27T03:15:18.647Z","cveId":"CVE-2023-32676","cweIds":["CWE-22","CWE-22"],"cvssScore":"6.7","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Autolab"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00366,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}