106 matches found
CVE-2024-23346 pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Pymatgen Python Materials Genomics is an open-source Python library for materials analysis. A critical security vulnerability exists in the JonesFaithfulTransformation.fromtransformationstr method within the pymatgen library prior to version 2024.2.20. This method insecurely utilizes eval for...
CVE-2024-23346
CVE-2024-23346 affects pymatgen: the JonesFaithfulTransformation.from_transformation_str() method insecurely uses eval() on untrusted input, enabling arbitrary code execution during CIF parsing. This is tied to a vulnerability in the CIF parser path and is documented as a critical issue with a fi...
CVE-2024-23346 pymatgen arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Pymatgen Python Materials Genomics is an open-source Python library for materials analysis. A critical security vulnerability exists in the JonesFaithfulTransformation.fromtransformationstr method within the pymatgen library prior to version 2024.2.20. This method insecurely utilizes eval for...
CVE-2023-35932
jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lea...
Command injection
jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lea...
Server-Side Request Forgery in scout-browser
Pypi package scout-browser GitHub repository clinical-genomics/scout prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting...
GHSA-G53G-Q539-93CV Server-Side Request Forgery in scout-browser
Pypi package scout-browser GitHub repository clinical-genomics/scout prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting...
Server side request forgery (ssrf)
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...
CVE-2022-1592 Server-Side Request Forgery in scout in clinical-genomics/scout
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...
CVE-2022-1592
CVE-2022-1592 corresponds to a Server-Side Request Forgery in the Scout component of the clinical-genomics/scout project, affecting versions prior to v4.42. The vulnerability arises in the Scout SSRF surface, enabling an attacker to cause the application to perform arbitrary requests, potentially...
CVE-2022-1592 Server-Side Request Forgery in scout in clinical-genomics/scout
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...
Clinical-Genomics Scout 代码问题漏洞
Scout is a platform for analyzing VCFs and enabling collaboration to solve rare diseases faster. A security vulnerability exists in Clinical-Genomics Scout versions prior to 4.42 that stems from the presence of server-side request forgery in the application. An attacker exploiting this...
CVE-2022-1554
Path Traversal due to sendfile call in GitHub repository clinical-genomics/scout prior to 4.52...
CVE-2022-1554
Path Traversal due to sendfile call in GitHub repository clinical-genomics/scout prior to 4.52...
Path traversal
Path Traversal due to sendfile call in GitHub repository clinical-genomics/scout prior to 4.52...
CVE-2022-1554
CVE-2022-1554 affects the Python package scout (clinical-genomics/scout) prior to version 4.52. The underlying issue is a path traversal vulnerability caused by a send_file/end_file usage, exposing potential unauthorized access to files. Exploitation or real-world details are not provided in the ...
CVE-2022-1554 Path Traversal due to `send_file` call in clinical-genomics/scout
Path Traversal due to sendfile call in GitHub repository clinical-genomics/scout prior to 4.52...
CbioPortal Denial of Service Vulnerability
CbioPortal is used to provide visualization, analysis, and download of large-scale cancer genomics datasets. a denial-of-service vulnerability exists in CbioPortal in versions 3.6.21 and earlier, which stems from the insecure handling of regular expressions in /ProteinArraySignificanceTest.json,...
Clara Genomics Analysis Integer Overflow Vulnerability
Clara Genomics Analysis is an open source software package for biological sequence analysis. An integer overflow vulnerability exists in Clara Genomics Analysis versions prior to 0.2.0. The vulnerability stems from a networked system or product that does not properly validate incoming data. No...
CVE-2019-15788
Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocateblock.cpp...