GBrowse accepts uploaded files of any format and places them in an area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server.
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "binary_version": "2.56+dfsg-8", "binary_name": "gbrowse" }, { "binary_version": "2.56+dfsg-8", "binary_name": "gbrowse-calign" }, { "binary_version": "2.56+dfsg-8", "binary_name": "gbrowse-calign-dbgsym" }, { "binary_version": "2.56+dfsg-8", "binary_name": "gbrowse-data" } ], "priority_reason": "This has a high priority because it is a vulnerability that allows a remote attacker to execute code in a machine, and it looks to be easily exploitable given that it involves regular functionalities provided by the application." }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "binary_version": "2.56+dfsg-11", "binary_name": "gbrowse" }, { "binary_version": "2.56+dfsg-11", "binary_name": "gbrowse-calign" }, { "binary_version": "2.56+dfsg-11", "binary_name": "gbrowse-calign-dbgsym" }, { "binary_version": "2.56+dfsg-11", "binary_name": "gbrowse-data" } ], "priority_reason": "This has a high priority because it is a vulnerability that allows a remote attacker to execute code in a machine, and it looks to be easily exploitable given that it involves regular functionalities provided by the application." }