Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated remote code execution due to insecure deserialization (GHSL-2022-063)
Vulnerability Description
Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This exists in all versions up to 2.4.1 and is fixed in 2.4.2. This vulnerability is specific to the Ruby on Rails Workbench application (“Workbench 1”). We do not believe any other Arvados components, including the TypesScript browser-based Workbench application (“Workbench 2”) or API Server, are vulnerable to this attack. For versions of Arvados earlier than 2.4.2: remove the Ruby-based "Workbench 1" app ("apt-get remove arvados-workbench") from your installation as a workaround.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Arvados 代码问题漏洞
Vulnerability Description
Arvados是用于管理和分析生物医学大数据的开源平台。 Arvados 2.4.1之前版本存在代码问题漏洞,该漏洞源于反序列化不安全,攻击者利用该漏洞可以通过特制的 JSON 有效负载执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A