EUVD-2024-2761

Malicious code in bioql PyPI...

CVE-2024-45614

A flaw was found in rubygem-puma. In affected versions, clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables are affected. v6.4.3/v5.6.9 now discards any...

CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now...

CVE-2022-23470 Arbitrary file access in the Galaxy data analysis platform

Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and...