Vulnerability Information
Vulnerability Title
Command Injection in sequenceserver
Vulnerability Description
SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper neutralization of special elements used in a command (command injection)
Vulnerability Title
SequenceServer security vulnerability
Vulnerability Description
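SequenceServer is an intuitive graphical web interface from Yannick Wurm's team, used to run the BLAST bioinformatics tools. Versions of SequenceServer before 3.1.2 contain a security vulnerability that stems from user input and query parameters not being properly sanitized, which could be exploited to inject and run unwanted shell commands.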
CVSS Information
N/A
Vulnerability Type
N/A