SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2.
References
Configurations
History
16 Aug 2024, 20:00
Type | Values Removed | Values Added |
---|---|---|
First Time |
Wurmlab
Wurmlab sequenceserver |
|
Summary |
|
|
References | () https://github.com/wurmlab/sequenceserver/commit/457e52709f7f9ed2fceed59b3db564cb50785dba - Patch | |
References | () https://github.com/wurmlab/sequenceserver/security/advisories/GHSA-qv32-5wm2-p32h - Vendor Advisory | |
CPE | cpe:2.3:a:wurmlab:sequenceserver:*:*:*:*:*:ruby:*:* |
14 Aug 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-14 20:15
Updated : 2024-08-16 20:00
NVD link : CVE-2024-42360
Mitre link : CVE-2024-42360
CVE.ORG link : CVE-2024-42360
JSON object : View
Products Affected
wurmlab
- sequenceserver
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')