Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| MarkUsProject | Markus | affected |
|
No data.
| Vendor | Product | Confidence | Versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Markusproject | Markus | 100% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 12 Mar 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:markusproject:markus:*:*:*:*:*:*:*:* |
Fri, 06 Mar 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 06 Mar 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Markusproject
Markusproject markus |
|
| Vendors & Products |
Markusproject
Markusproject markus |
Fri, 06 Mar 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parsed with aliases enabled. This issue has been patched in version 2.9.4. | |
| Title | MarkUs: YAML alias (‘billion laughs’) DoS in config upload | |
| Weaknesses | CWE-776 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-03-06T16:10:43.887Z
Reserved: 2026-02-24T02:31:33.267Z
Link: CVE-2026-27807
Vulnrichment
Updated: 2026-03-06T15:50:50.844Z
NVD
Status : Analyzed
Published: 2026-03-06T04:16:07.810
Modified: 2026-03-12T17:22:20.530
Link: CVE-2026-27807
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-04-18T10:00:10Z