SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2.
History

Fri, 16 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wurmlab:sequenceserver:*:*:*:*:*:ruby:*:*

Thu, 15 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Wurmlab
Wurmlab sequenceserver
CPEs cpe:2.3:a:wurmlab:sequenceserver:*:*:*:*:*:*:*:*
Vendors & Products Wurmlab
Wurmlab sequenceserver
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Aug 2024 20:00:00 +0000

Type Values Removed Values Added
Description SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2.
Title Command Injection in sequenceserver
Weaknesses CWE-77
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-08-14T19:50:09.469Z

Updated: 2024-08-15T15:05:31.961Z

Reserved: 2024-07-30T14:01:33.922Z

Link: CVE-2024-42360

cve-icon Vulnrichment

Updated: 2024-08-15T15:05:16.838Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-14T20:15:12.533

Modified: 2024-08-16T20:00:10.467

Link: CVE-2024-42360

cve-icon Redhat

No data.