Lucene search
JpcertCVE-2023-32637HistoryJul 25, 2023 - 6:15 a.m.
CVE-2023-32637
2023-07-2506:15:10
CWE-434
jpcert
web.nvd.nist.gov
21
cve-2023-32637
gbrowse
arbitrary code execution
file upload vulnerability
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.001
Percentile
51.0%
GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server.
Affected configurations
Node
gmodgbrowseMatch-
CNA Affected
[
{
"vendor": "Generic Model Organism Database Project",
"product": "GBrowse",
"versions": [
{
"version": "unspecified",
"status": "affected"
}
]
}
]Related
ubuntucve
ubuntucve
CVE-2023-32637
2023-07-25 00:00:00
prion
prion
Code injection
2023-07-25 06:15:00
debiancve
debiancve
CVE-2023-32637
2023-07-25 06:15:10
cvelist
cvelist
CVE-2023-32637
2023-07-25 05:01:48
nvd
nvd
CVE-2023-32637
2023-07-25 06:15:10
jvn
jvn
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.001
Percentile
51.0%
Related for CVE-2023-32637