Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Possible Data Tampering & Loss of Public Datasets in Galaxy
Vulnerability Description
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the contents of public datasets resulting in data loss or tampering. All supported branches of Galaxy (and more back to release_21.05) were amended with the below patch. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Galaxy 信息泄露漏洞
Vulnerability Description
Galaxy是Galaxy Project开源的一个 FAIR 数据分析的开源平台。 Galaxy 21.05之前版本存在信息泄露漏洞,该漏洞源于攻击者可替换公共数据集的内容,从而导致数据丢失或篡改。
CVSS Information
N/A
Vulnerability Type
N/A