5 matches found
Arbitrary Code Execution
jcvi is vulnerable to configuration injection. The vulnerability is due to improper checks in the path parameter of apps/base.py, which allows an attacker to inject arbitrary configurations, possibly resulting in arbitrary code execution...
CVE-2023-35932
CVE-2023-35932 (jcvi): The jcvi Python library is vulnerable to a configuration injection via unsanitized user input that reaches the configuration file (notably ~/.jcvirc). The issue centers on the code path in jcvi/apps/base.py where a user-provided value is stored as a path for binaries; unde...
CVE-2023-35932 jcvi vulnerable to Configuration Injection due to unsanitized user input
jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lea...
CVE-2023-35932 jcvi vulnerable to Configuration Injection due to unsanitized user input
jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lea...
PT-2023-25390 · Jcvi · Jcvi
Name of the Vulnerable Software and Affected Versions: jcvi, affected versions not specified. Description: A configuration injection occurs when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload th...