Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
cBioPortal Proxy Endpoint Vulnerabliity
Vulnerability Description
The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery (SSRF) attack. Logged in users could do the same on private instances. A fix has been released in version 6.0.12. As a workaround, one might be able to disable `/proxy` endpoint entirely via, for example, nginx.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
cBioPortal 安全漏洞
Vulnerability Description
cBioPortal是cBioPortal开源的一个应用程序。用于提供大规模癌症基因组学数据集的可视化、分析和下载。 cBioPortal 存在安全漏洞,该漏洞源于未经身份验证的情况下运行公开的代理端点时,cBioPortal 可能允许执行服务器端请求伪造 (SSRF) 攻击。
CVSS Information
N/A
Vulnerability Type
N/A