EUVD-2022-7293

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-21126

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir...

au.csiro.aehrc.variant-spark:variant-spark_2.11 (=0.1.0), bio.ferlab:datalake-commons_2.12 (>=0.1.0 <=13.0.0) +259 more potentially affected by CVE-2022-21126 via com.github.samtools:htsjdk (>=1.128 <=3.0.0)

com.github.samtools:htsjdk MAVEN version =1.128, =0.1.0, =0.0.1, =0.0.21, =0.1.0, =0.1.0, =0.0.26, =0.1.0, =0.1.3, =1.0.0, =0.1.0, =0.1.3, =1.0.0, =0.1.0, =0.1.3, =0.3.0 and more Source cves: CVE-2022-21126 Source advisory: OSV:GHSA-96VH-4RFP-C42C...

PT-2022-14866 · Htsjdk · Htsjdk

Name of the Vulnerable Software and Affected Versions: com.github.samtools:htsjdk versions prior to 3.0.1 Description: The issue arises from the createTempDir function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it, leading to the...

com.github.broadinstitute:picard (>=2.27.3 <=2.27.4), org.gorpipe:gor-drivers (>=4.1.2 <=4.3.2) +4 more potentially affected by CVE-2022-21126 via com.github.samtools:htsjdk (=3.0.0)

com.github.samtools:htsjdk MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.github.samtools:htsjdk and may be impacted: - com.github.broadinstitute:picard =2.27.3, =4.1.2, =4.3.1, =4.1.2, =4.1.2, =3.10.1, =4.2.9 Source cves:...