CVE-2015-5601

HIGH

edx-platform <2015-07-20 - Code Injection

Title source: llm
STIX 2.1

Description

edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://open.edx.org/announcements/CVE-2015-5601

Scores

CVSS v3 8.8
EPSS 0.0090
EPSS Percentile 75.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
edx/edx-platform < 2015-07-20
Published Jul 29, 2019
Tracked Since Feb 18, 2026