Lucene search

[email protected]NVD:CVE-2024-42360

HistoryAug 14, 2024 - 8:15 p.m.

CVE-2024-42360

2024-08-1420:15:12

CWE-77

[email protected]

web.nvd.nist.gov

sequenceserver

vulnerability

http

endpoints

fixed

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.1%

JSON

SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2.

Affected configurations

Nvd

Node

wurmlabsequenceserverRange<3.1.2ruby

VendorProductVersionCPE
wurmlabsequenceserver*cpe:2.3:a:wurmlab:sequenceserver:*:*:*:*:*:ruby:*:*

Vendor	Product	Version	CPE
wurmlab	sequenceserver	*	cpe:2.3:a:wurmlab:sequenceserver::::::ruby::*

References

github.com/wurmlab/sequenceserver/commit/457e52709f7f9ed2fceed59b3db564cb50785dba

github.com/wurmlab/sequenceserver/security/advisories/GHSA-qv32-5wm2-p32h

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.1%

JSON

Related for NVD:CVE-2024-42360

rubygems1 github1 cve1 osv2 cvelist1 veracode1 vulnrichment1