{"id":"CVE-2024-48920","summary":"PutongOJ: unprivileged users can escalate privileges by constructing requests","details":"PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually.","aliases":["GHSA-gj6h-73c5-xw6f"],"modified":"2026-04-02T12:21:16.080631Z","published":"2024-10-17T14:24:08.417Z","database_specific":{"cwe_ids":["CWE-306"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/48xxx/CVE-2024-48920.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/acm309/PutongOJ/releases/tag/v2.1.0-beta.1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/48xxx/CVE-2024-48920.json"},{"type":"ADVISORY","url":"https://github.com/acm309/PutongOJ/security/advisories/GHSA-gj6h-73c5-xw6f"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-48920"},{"type":"FIX","url":"https://github.com/acm309/PutongOJ/commit/211dfe9ebf1c6618ce5396b0338de4f9b580715e#diff-782628b47d666d5d551e040815ca3f80c0704397258718f0e0f31164608ea7beL118-R120"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/acm309/putongoj","events":[{"introduced":"0"},{"fixed":"211dfe9ebf1c6618ce5396b0338de4f9b580715e"}]},{"type":"GIT","repo":"https://github.com/acm309/putongoj","events":[{"introduced":"0"},{"fixed":"b9119502ed05dafb05f56bc27a8e534ce4e494a3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48920.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}