PYSEC-2020-244

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/omero-web/PYSEC-2020-244.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2020-244

Aliases

CVE-2020-7932
GHSA-vwxv-frj6-fhc9

Published

2020-06-17T17:15:00Z

Modified

2023-11-08T04:04:11.500694Z

Summary

[none]

Details

OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed.

References

https://www.openmicroscopy.org/security/advisories/2019-SV4/

Affected packages

PyPI / omero-web

Package

Name: omero-web; View open source insights on deps.dev
Purl: pkg:pypi/omero-web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.6.3

Affected versions

5.*

5.5.dev1

5.5.dev2

5.6.dev1

5.6.dev2

5.6.dev3

5.6.dev4

5.6.dev5

5.6.dev6

5.6.dev7

5.6.0

5.6.1

5.6.2

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/omero-web/PYSEC-2020-244.yaml"