GHSA-g53g-q539-93cv

Source
https://github.com/advisories/GHSA-g53g-q539-93cv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g53g-q539-93cv/GHSA-g53g-q539-93cv.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-g53g-q539-93cv
Published
2022-05-06T00:00:49Z
Modified
2023-11-01T04:57:23.785233Z
Severity
  • 8.2 (High) CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
Server-Side Request Forgery in scout-browser
Details

The PyPI package scout-browser (GitHub repository clinical-genomics/scout) prior to v4.52 is vulnerable to server-side request forgery (CWE-918). An attacker can cause the application to issue arbitrary requests from the server side, which could be used to steal cookies, request access to private areas of the deployment, or lead to cross-site scripting.
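
The request pattern behind CWE-918, and the checks a fix needs, as an added example that is not scout-browser's code and is not derived from the v4.52 fix. It assumes a handler that receives a URL from the client and fetches it; the allow-list (ALLOWED_HOSTS), the fake DNS table and the fetch_unsafe/fetch_safe names are constructed for the illustration.

```python
"""Added example, not code from scout-browser: the request shape behind
CWE-918 next to a hardened fetch that validates the destination first.
ALLOWED_HOSTS, fetch_unsafe, fetch_safe and the fake DNS table in demo()
are constructed for this illustration."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"api.example.org", "cdn.example.org"}  # constructed allow-list


def fetch_unsafe(user_url, opener):
    """Vulnerable shape: the server requests whatever URL the client sent,
    so file://, loopback and internal hosts are all reachable."""
    return opener(user_url)


def resolve_all(host):
    """Default resolver: every address the name maps to (real DNS lookup)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_outbound_url(url, resolver=resolve_all, allowed_hosts=ALLOWED_HOSTS):
    """Return url if it may be fetched server-side, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        raise ValueError("missing host")
    if host not in allowed_hosts:
        raise ValueError(f"host not in allow-list: {host!r}")
    # Check every address the name resolves to: an allow-listed name that
    # points at 127.0.0.1, 10/8 or 169.254.169.254 must still be refused.
    addrs = resolver(host)
    if not addrs:
        raise ValueError(f"{host} does not resolve")
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified):
            raise ValueError(f"{host} resolves to disallowed address {addr}")
    return parts.geturl()


def fetch_safe(user_url, opener, resolver=resolve_all):
    """Hardened shape: validate, then fetch only the validated URL."""
    return opener(validate_outbound_url(user_url, resolver))


def demo():
    """Offline walk-through with a constructed DNS table and a fake opener."""
    fake_dns = {"api.example.org": {"93.184.216.34"},  # constructed public address
                "cdn.example.org": {"10.0.0.5"}}       # allow-listed name, internal address
    resolver = lambda host: fake_dns.get(host, set())
    opener = lambda url: f"GET {url}"
    results = {}
    for url in ("https://api.example.org/v1/data",
                "http://127.0.0.1:8000/admin",
                "file:///etc/passwd",
                "https://cdn.example.org/x",
                "https://user:pw@api.example.org/"):
        try:
            results[url] = fetch_safe(url, opener, resolver)
        except ValueError as exc:
            results[url] = f"blocked: {exc}"
    return results
```

Two caveats a reviewer of any such fix should raise: validating and then fetching leaves a DNS rebinding window, so the HTTP client should connect to the address that was validated rather than resolve the name a second time; and redirects must either be disabled or re-validated hop by hop, otherwise an allow-listed host can bounce the server to an internal one.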

Database specific
{
    "nvd_published_at": "2022-05-05T11:15:00Z",
    "github_reviewed_at": "2022-05-24T20:52:03Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-918"
    ]
}

Affected packages

PyPI / scout-browser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
4.52

Affected versions

1.*

1.2.0b1
1.2.0b2
1.2.0
1.4.0

2.*

2.0.0

3.*

3.0.2
3.0.3
3.0.5
3.0.6
3.0.7
3.3.1
3.5.0

4.*

4.0.0
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.2.1
4.2.2
4.3.0
4.3.1
4.4.1
4.7
4.7.2
4.7.3
4.8.0
4.8.2
4.8.3
4.9.0
4.10.1
4.11
4.12.3
4.12.4
4.13.1
4.14
4.14.1
4.15
4.15.1
4.16.1
4.18
4.21
4.21.1
4.21.2
4.22
4.23
4.24
4.24.1
4.25
4.26
4.26.1
4.27
4.28
4.29
4.29.1
4.30
4.30.1
4.30.2
4.31
4.31.1
4.32
4.32.1
4.33
4.33.1
4.34
4.35
4.36
4.37
4.38
4.39
4.40
4.40.1
4.41
4.42
4.42.1
4.43
4.43.1
4.44
4.45
4.46
4.46.1
4.47
4.48
4.48.1
4.49
4.50
4.50.1
4.51
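
Evaluating the range above against an installed version, as an added example that is neither OSV's nor scout-browser's code. An ECOSYSTEM range is compared with the ecosystem's own version ordering, here PyPI's PEP 440, so 4.7 must sort below 4.7.2 and 1.2.0b1 below 1.2.0 as they do in the list above. In practice you would use packaging.version or an OSV client; the small parser here stands in for that so the block runs without third-party packages, and it only covers the shapes present in this advisory's version list (dotted releases with an optional a/b/rc suffix).

```python
"""Added example, not OSV's or scout-browser's code: evaluating this
advisory's ECOSYSTEM range (introduced 0, fixed 4.52) against installed
versions. The parser is a stand-in for packaging.version and handles
only dotted releases with an optional a/b/rc pre-release suffix."""
import re

ADVISORY_EVENTS = [("introduced", "0"), ("fixed", "4.52")]  # from this advisory

_PRE_ORDER = {"a": 0, "b": 1, "rc": 2}
_VERSION_RE = re.compile(r"v?(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?")


def parse_version(text):
    """Return a comparable key: (release, is_final, pre_kind, pre_num).

    Trailing zeros are dropped so 4.52 == 4.52.0, and a pre-release sorts
    before its final release (1.2.0b1 < 1.2.0), as PEP 440 requires."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = [int(part) for part in m.group(1).split(".")]
    while release and release[-1] == 0:
        release.pop()
    if m.group(2):
        return (tuple(release), 0, _PRE_ORDER[m.group(2)], int(m.group(3)))
    return (tuple(release), 1, 0, 0)


def is_affected(version, events):
    """OSV range semantics: walk the events in version order; the latest
    event at or below the version decides. 'introduced' at v means v is
    affected; 'fixed' at v means v and everything after it is fixed."""
    key = parse_version(version)
    affected = False
    for kind, at in sorted(events, key=lambda e: parse_version(e[1])):
        if parse_version(at) <= key:
            affected = kind == "introduced"
        else:
            break
    return affected


def triage(versions, events=ADVISORY_EVENTS):
    """Map each installed version string to True (affected) or False (fixed)."""
    return {v: is_affected(v, events) for v in versions}
```

With "introduced 0" the lower bound is open, so every version below 4.52 is affected, including the pre-releases and two-component versions in the list; 4.52 itself and anything later is not.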