13 matches found
CVE-2024-42360
SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been...
CVE-2024-42360
SequenceServer (BLAST+ web UI) is affected by a command injection due to improper sanitization in several HTTP endpoints. Versions prior to 3.1.2 are vulnerable; exploitation could allow arbitrary shell command execution. The issue has been fixed in 3.1.2. Remediation: upgrade to SequenceServer 3...
CVE-2024-42360 Command Injection in sequenceserver
SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been...
Command Injection
sequenceserver is vulnerable to Command Injection. The vulnerability is due to improper sanitization of user input and query parameters, allowing attackers to inject and execute shell commands...
SequenceServer Security Vulnerability
SequenceServer is an intuitive graphical web interface from the Yannick Wurm team. It is used to run BLAST bioinformatics tools. A security vulnerability exists in SequenceServer versions prior to 3.1.2 that stems from not properly sanitizing user input and query parameters, which could be...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via several HTTP endpoints due to improper sanitization of user input or query parameters, which allows an attacker to execute arbitrary shell commands. Remediation: Upgrade sequenceserver to version 3.1.2 or higher...
Command Injection in sequenceserver
Impact: Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. Patches: Fixed in 3.1.2. Workarounds: No known workarounds...
GHSA-QV32-5WM2-P32H Command Injection in sequenceserver
Impact: Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. Patches: Fixed in 3.1.2. Workarounds: No known workarounds...
Command Injection in sequenceserver gem
Impact: Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. Patches: Fixed in 3.1.2. Workarounds: No known workarounds...
PT-2024-29895 · Unknown · Sequenceserver
Name of the Vulnerable Software and Affected Versions: SequenceServer versions prior to 3.1.2 Description: The issue arises from several HTTP endpoints not properly sanitizing user input and/or query parameters, which could be exploited to inject and run unwanted shell commands. Recommendations:...