CVE-2023-42812

Source
https://cve.org/CVERecord?id=CVE-2023-42812
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42812.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-42812
Aliases
  • GHSA-vf5q-r8p9-35xh
Published
2023-09-22T16:07:02.731Z
Modified
2026-07-15T01:49:02.304569498Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
Galaxy vulnerable to Server Side Request Forgery during data imports
Details

Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.

Database specific
{
    "cwe_ids": [
        "CWE-918"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/42xxx/CVE-2023-42812.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/galaxyproject/galaxy

Affected ranges

Type
GIT
Repo
https://github.com/galaxyproject/galaxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:galaxyproject:galaxy:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "22.05"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

galaxy-tool-util-20.*
galaxy-tool-util-20.5.0.dev1
galaxy-tool-util-20.5.0.dev2
v13.*
v13.01
v22.*
v22.05.1.dev0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42812.json"