CVE-2023-42812

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-42812
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42812.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-42812
Related
  • GHSA-vf5q-r8p9-35xh
Published
2023-09-22T17:15:14Z
Modified
2025-02-19T03:35:59.563024Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious user to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.

References

Affected packages

Git / github.com/galaxyproject/galaxy

Affected ranges

Type
GIT
Repo
https://github.com/galaxyproject/galaxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

galaxy-app-20.*

galaxy-app-20.5.0
galaxy-app-20.9.0

galaxy-auth-20.*

galaxy-auth-20.5.0
galaxy-auth-20.9.0

galaxy-containers-19.*

galaxy-containers-19.9.0

galaxy-containers-20.*

galaxy-containers-20.5.0

galaxy-containers-21.*

galaxy-containers-21.1.0

galaxy-data-20.*

galaxy-data-20.5.0
galaxy-data-20.9.0

galaxy-job-execution-20.*

galaxy-job-execution-20.5.0
galaxy-job-execution-20.9.0

galaxy-job-metrics-19.*

galaxy-job-metrics-19.9.0

galaxy-job-metrics-20.*

galaxy-job-metrics-20.5.0
galaxy-job-metrics-20.9.0

galaxy-objectstore-19.*

galaxy-objectstore-19.9.0

galaxy-objectstore-20.*

galaxy-objectstore-20.5.0
galaxy-objectstore-20.9.0
galaxy-objectstore-20.9.1

galaxy-selenium-20.*

galaxy-selenium-20.5.0
galaxy-selenium-20.9.0

galaxy-test-api-20.*

galaxy-test-api-20.9.0

galaxy-test-base-20.*

galaxy-test-base-20.5.0
galaxy-test-base-20.9.0

galaxy-test-driver-20.*

galaxy-test-driver-20.5.0
galaxy-test-driver-20.9.0

galaxy-test-selenium-20.*

galaxy-test-selenium-20.9.0

galaxy-tool-util-19.*

galaxy-tool-util-19.9.0
galaxy-tool-util-19.9.1

galaxy-tool-util-20.*

galaxy-tool-util-20.1.0.dev0
galaxy-tool-util-20.1.0.dev4
galaxy-tool-util-20.5.0
galaxy-tool-util-20.5.0.dev1
galaxy-tool-util-20.5.0.dev2
galaxy-tool-util-20.9.0
galaxy-tool-util-20.9.1

galaxy-tool-util-21.*

galaxy-tool-util-21.1.0
galaxy-tool-util-21.1.1
galaxy-tool-util-21.1.2
galaxy-tool-util-21.9.2

galaxy-util-19.*

galaxy-util-19.9.0

galaxy-util-20.*

galaxy-util-20.1.0.dev0
galaxy-util-20.5.0
galaxy-util-20.9.0
galaxy-util-20.9.1

galaxy-util-21.*

galaxy-util-21.1.0

galaxy-web-apps-20.*

galaxy-web-apps-20.5.0

galaxy-web-framework-20.*

galaxy-web-framework-20.5.0
galaxy-web-framework-20.9.0

galaxy-web-stack-20.*

galaxy-web-stack-20.5.0

Other

v13.*

v13.01
v13.01.1
v13.02
v13.02.1
v13.04
v13.04.1
v13.06
v13.06.1
v13.08
v13.08.1
v13.11
v13.11.1

v14.*

v14.02
v14.02.1
v14.04
v14.04.1
v14.06
v14.06.1
v14.08
v14.08.1
v14.10
v14.10.1
v14.10.2
v14.10.3

v15.*

v15.01
v15.01.1
v15.01.2
v15.01.3
v15.01.4
v15.03
v15.03.1
v15.03.2
v15.03.3
v15.03.4
v15.05
v15.05.1
v15.05.2
v15.07
v15.07.1
v15.10
v15.10.1
v15.10.2

v16.*

v16.01
v16.04
v16.07
v16.10

v17.*

v17.01
v17.05
v17.09

v18.*

v18.01
v18.05
v18.09

v19.*

v19.01
v19.05
v19.09

v20.*

v20.01
v20.05
v20.09

v21.*

v21.01
v21.05
v21.09

v22.*

v22.01
v22.05.1.dev0