Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Scout contains insufficient output escaping of attachment names
Vulnerability Description
Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and opening may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
对输出编码和转义不恰当
Vulnerability Title
Scout 安全漏洞
Vulnerability Description
Scout是Clinical Genomics开源的一个用于分析VCF并能够辅助合作以更快地解决罕见疾病的平台。 Scout 4.89之前版本存在安全漏洞,该漏洞源于文件名缺乏清理,可以绕过预期的文件扩展名并让用户下载具有任何扩展名的恶意文件。
CVSS Information
N/A
Vulnerability Type
N/A