Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Galaxy vulnerable to Server Side Request Forgery during data imports
Vulnerability Description
Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Galaxy 代码问题漏洞
Vulnerability Description
Galaxy是Galaxy Project开源的一个 FAIR 数据分析的开源平台。 Galaxy 22.05之前版本存在代码问题漏洞,该漏洞源于存在服务器请求伪造(SSRF)漏洞。攻击者可利用该漏洞向内部主机发出任意HTTP/HTTPS请求并读取其响应。
CVSS Information
N/A
Vulnerability Type
N/A