CVE-2021-4315 – NYUCCL psiTurk experiment.py special elements used in a template engine

https://notcve.org/view.php?id=CVE-2021-4315

A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. • https://github.com/NYUCCL/psiTurk/commit/47787e15cecd66f2aa87687bf852ae0194a4335f https://github.com/NYUCCL/psiTurk/pull/517 https://github.com/NYUCCL/psiTurk/releases/tag/v3.2.1 https://vuldb.com/?ctiid.219676 https://vuldb.com/?id.219676 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •