CVE-2024-48920: PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead...

Description

PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually.

Metrics

CVSS 3.1

9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Probability

0.45%

36.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-306

References

Timeline

Published: Oct 17, 2024
Last Modified: Jun 17, 2026
Status: Deferred

Frequently Asked Questions

What is CVE-2024-48920?

PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually.

How severe is CVE-2024-48920?

CVE-2024-48920 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 0.45% probability of exploitation in the next 30 days.

How do I fix CVE-2024-48920?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.