UBUNTU-CVE-2023-32637
- Source
- https://ubuntu.com/security/CVE-2023-32637
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-32637.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-32637
- Upstream
- Published
- 2023-07-25T06:15:00Z
- Modified
- 2025-09-08T16:56:19Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - high
- Summary
- [none]
- Details
-
GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / gbrowse
Package
- Name
- gbrowse
- Purl
- pkg:deb/ubuntu/gbrowse@2.54+dfsg-6build1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"priority_reason": "This has a high priority because it is a vulnerability that allows a remote attacker to execute code in a machine, and it looks to be easily exploitable given that it involves regular functionalities provided by the application.",
"binaries": [
{
"binary_version": "2.54+dfsg-6build1",
"binary_name": "gbrowse"
},
{
"binary_version": "2.54+dfsg-6build1",
"binary_name": "gbrowse-calign"
},
{
"binary_version": "2.54+dfsg-6build1",
"binary_name": "gbrowse-data"
}
]
}