CVE-2024-26140

Published
View on NVD ↗
CVSS v3
4.6
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS. No known workarounds exist.

yetanalytics/lrs
yetanalytics/lrs
Protocols, specifications, and logic for building an xAPI Learning Record Store (LRS) in Clojure(Script).
GitHubGitHub
7
yetanalytics/lrsql
yetanalytics/lrsql
A SQL-based Learning Record Store
GitHubGitHub
136