CVE-2023-32317: Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was fo
medium vulnerability
security
Summary
Autolab, a service that manages programming courses and automatically grades assignments, has a tar slip vulnerability (a flaw where entries in an archive are extracted to unintended locations outside the target directory) in its MOSS cheat checker feature. An authenticated instructor could upload a specially crafted tar file (an archive) whose entries are extracted to arbitrary locations on the system, potentially allowing them to write malicious files anywhere the service has write access.
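The class of check that prevents a tar slip, as an added example: this is generic Python, not Autolab's code or its 2.11.0 fix. The function names and the constructed in-memory archive are assumptions made for illustration, and POSIX paths are assumed.

```python
import io
import os
import tarfile


def unsafe_members(archive, dest_dir):
    """Return (name, reason) for every member that must not be extracted."""
    root = os.path.realpath(dest_dir)
    rejected = []
    for m in archive.getmembers():
        # Resolve where the entry would land, following ".." and symlinks.
        target = os.path.realpath(os.path.join(root, m.name))
        if os.path.isabs(m.name):
            rejected.append((m.name, "absolute path"))
        elif os.path.commonpath([root, target]) != root:
            rejected.append((m.name, "escapes destination"))
        elif m.issym() or m.islnk():
            # Links can redirect a later entry outside the destination.
            rejected.append((m.name, "link entry"))
        elif not (m.isfile() or m.isdir()):
            rejected.append((m.name, "special file"))
    return rejected


def safe_extract(archive, dest_dir):
    """Validate the whole archive first; extract only if every entry is safe."""
    bad = unsafe_members(archive, dest_dir)
    if bad:
        raise ValueError(f"refusing archive, unsafe entries: {bad}")
    archive.extractall(dest_dir)


def build_sample(names):
    """Constructed sample input: an in-memory tar with one small file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

Rejecting the whole archive before writing anything avoids a partially extracted upload; on Python versions that support it, passing `filter="data"` to `extractall` adds a second layer.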
Solution / Mitigation
This issue has been addressed in version 2.11.0. Users are advised to upgrade.
Vulnerability Details
CVSS Score
6.7 (medium)
EPSS (30-day exploit probability)
EPSS: 0.4%
Classification
Attack Sophistication: Moderate
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-32317
First tracked: February 15, 2026 at 08:37 PM
Classified by LLM (prompt v3) · confidence: 95%