exploitDog

CVE-2023-35932

Published: 23 Jun 2023
Source: nvd
CVSS3: 7.1
CVSS3: 8.8
EPSS: Low

Description

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix.

Vulnerable configurations

Configuration 1
cpe:2.3:a:jcvi_project:jcvi:*:*:*:*:*:*:*:*
Versions up to and including 1.3.5

EPSS

Percentile: 74%
0.00843
Low

7.1 High

CVSS3

8.8 High

CVSS3

Weaknesses

CWE-77
CWE-1284

Related vulnerabilities

CVSS3: 7.1
github
more than 2 years ago

jcvi vulnerable to Configuration Injection due to unsanitized user input
