CVE-2023-42812

Опубликовано: 22 сент. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 4.3

EPSS Низкий

Описание

Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.

Ссылки

https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py
Issue Tracking
https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh
Exploit
Vendor Advisory
https://github.com/galaxyproject/galaxy/blob/06d56c859713b74f1c2e35da1c2fcbbf0a965645/lib/galaxy/files/uris.py
Issue Tracking
https://github.com/galaxyproject/galaxy/security/advisories/GHSA-vf5q-r8p9-35xh
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:galaxyproject:galaxy:*:*:*:*:*:*:*:*

Версия до 22.05 (исключая)

EPSS

Процентиль: 23%

0.00076

Низкий

6.3 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-918

EPSS

Процентиль: 23%

0.00076

Низкий

6.3 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-918