CVE-2024-42360

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-42360

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42360.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-42360

Aliases

GHSA-qv32-5wm2-p32h

Published

2024-08-14T20:15:12Z

Modified

2024-08-16T21:45:31.912775Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2.

References

Affected packages

Git / github.com/wurmlab/sequenceserver

Affected ranges

Type: GIT
Repo: https://github.com/wurmlab/sequenceserver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

457e52709f7f9ed2fceed59b3db564cb50785dba

Affected versions

0.*

0.8.0

0.8.7

1.*

1.0.0

1.0.0.pre.1

1.0.0.pre.2

1.0.0.pre.3

1.0.0.pre.4

1.0.0.pre.5

1.0.1

1.0.2

1.0.3

1.0.4

1.1.0.beta

1.1.0.beta10

1.1.0.beta11

1.1.0.beta12

1.1.0.beta2

1.1.0.beta3

1.1.0.beta4

1.1.0.beta5

1.1.0.beta6

1.1.0.beta7

1.1.0.beta8

2.*

2.0.0

2.0.0.20211115

2.0.0.beta1

2.0.0.beta2

2.0.0.beta3

2.0.0.beta4

2.0.0.rc1

2.0.0.rc2

2.0.0.rc3

2.0.0.rc4

2.0.0.rc5

2.0.0.rc6

2.0.0.rc7

2.0.0.rc8

2.0.0.rc8-20211121

2.1.0

Other

beta-1

gem

vis

v0.*

v0.7.1

v2.*

v2.2.0

v3.*

v3.0

v3.0.1

v3.1.0

v3.1.1