{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T04:58:23.234","vulnerabilities":[{"cve":{"id":"CVE-2024-53260","sourceIdentifier":"security-advisories@github.com","published":"2024-11-27T22:15:05.353","lastModified":"2025-04-21T15:07:22.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This could lead to leakage of information of students in the course roster by sending the data to a remote endpoint. This issue has been patched in the source code repository and the fix is expected to be released in the next version. Users are advised to manually patch their systems or to wait for the next release. There are no known workarounds for this vulnerability."},{"lang":"es","value":"Autolab es un servicio de gestión de cursos que permite la calificación automática de tareas de programación. Un usuario puede modificar su nombre y apellido para incluir una fórmula válida de Excel o de una hoja de cálculo. Cuando un instructor descarga la lista de su curso y la abre, este nombre se evaluará como una fórmula. Esto podría provocar una fuga de información de los estudiantes en la lista del curso al enviar los datos a un punto final remoto. Este problema se ha corregido en el repositorio de código fuente y se espera que la solución se publique en la próxima versión. Se recomienda a los usuarios que apliquen manualmente el parche a sus sistemas o que esperen a la próxima versión. No se conocen workarounds para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1236"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:autolabproject:autolab:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.2","matchCriteriaId":"BB361D34-3375-41C6-B7E4-A5E6CFAE7116"}]}]}],"references":[{"url":"https://github.com/autolab/Autolab/commit/fe44b53815d37c63e751032205b692ccd5737620","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/autolab/Autolab/security/advisories/GHSA-cqxx-pfmh-h43g","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}