Published: 13 Aug 2024
Source: github
GitHub: reviewed
CVSS4: 9.3
CVSS3: 9.8
Description
Command Injection in sequenceserver
Impact
Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands.
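The weakness class the advisory describes (request parameters reaching a shell unvalidated) and its mitigation, as an added example that is not code from the advisory or from the SequenceServer project. The allowlist regex, the parameter names and the use of echo as a stand-in for the external tool are assumptions made for this example:

```ruby
require 'open3'

# Added example, not SequenceServer code. Shows the two halves of the fix
# class the advisory describes: validate request parameters before use,
# and never hand them to a shell.

# Hypothetical allowlist for identifiers passed to a BLAST helper: letters,
# digits, dot, underscore, pipe and hyphen only. Shell metacharacters
# (; | & $ ` newline, space) are outside the set and are therefore rejected.
SAFE_ID = /\A[A-Za-z0-9._|-]+\z/.freeze

def safe_id?(value)
  value.is_a?(String) && !value.empty? && SAFE_ID.match?(value)
end

# The vulnerable pattern: a request parameter interpolated into a command
# string that would be executed through a shell, so metacharacters in the
# input become commands. Kept only as a string builder so the difference is
# visible; it is never executed here.
def vulnerable_command_string(db, id)
  "blastdbcmd -db #{db} -entry #{id}"
end

# The hardened pattern: reject anything outside the allowlist, then build an
# argv array. Each element reaches the program as exactly one argument.
def build_argv(tool, db, id)
  [db, id].each do |v|
    raise ArgumentError, "invalid parameter: #{v.inspect}" unless safe_id?(v)
  end
  [tool, '-db', db, '-entry', id]
end

# Runs an argv array without a shell. Open3.capture2 with several arguments
# executes the program directly, so no shell parsing of the input happens.
def run_argv(argv)
  out, status = Open3.capture2(*argv)
  [out, status.success?]
end

if __FILE__ == $PROGRAM_NAME
  puts vulnerable_command_string('nr', 'NP_000001.1')
  p build_argv('blastdbcmd', 'nr', 'NP_000001.1')
  begin
    build_argv('blastdbcmd', 'nr', 'NP_000001.1; ls')
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
  # echo stands in for the real tool so the example runs offline: the
  # metacharacters come back as literal text because no shell saw them.
  out, _ok = run_argv(['echo', 'NP_000001.1; ls'])
  puts out
end
```

The allowlist check is what stops a malformed parameter at the boundary; the argv form is what makes the call safe even if a check is missed, because there is no shell to interpret the value. A fix should do both.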
Patches
Fixed in 3.1.2
Workarounds
No known workarounds
References
- https://github.com/wurmlab/sequenceserver/security/advisories/GHSA-qv32-5wm2-p32h
- https://nvd.nist.gov/vuln/detail/CVE-2024-42360
- https://github.com/wurmlab/sequenceserver/commit/457e52709f7f9ed2fceed59b3db564cb50785dba
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sequenceserver/CVE-2024-42360.yml
Packages
Name: sequenceserver (rubygems)
Affected versions: < 3.1.2
Fixed version: 3.1.2
Related vulnerabilities
CVSS3: 9.8
nvd
more than 1 year ago
SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2.