VYPR
High severity · NVD Advisory · Published Jun 23, 2023 · Updated Nov 27, 2024

jcvi vulnerable to Configuration Injection due to unsanitized user input

CVE-2023-35932

Description

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection occurs when the application accepts user input without sanitizing it and that input reaches the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection varies: under some conditions, for instance when values from the configuration file are executed by a shell, it may lead to command injection. This vulnerability does not currently have a fix.
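The following is an added illustration of the vulnerability class described above, not code from jcvi or this advisory. It assumes a hypothetical INI-style configuration file with a section `assembly` and a key `name`, and a constructed sample value containing a line break. The naive writer interpolates the value straight into config text, so the line break lands as a second key; the hardened writer allow-lists the value first and lets `configparser` serialise it.

```python
"""Added illustration (not jcvi's code): a user-controlled value reaching an
INI-style configuration file, and an allow-list check applied before it does."""
import configparser
import io
import re

# Allow-list for a single config value: no line breaks, no control characters,
# no '=' or ':' key delimiters, no '[' that could open a new section.
_SAFE_VALUE = re.compile(r"[A-Za-z0-9_./+-]{1,128}")


def naive_render(section: str, key: str, value: str) -> str:
    """Unsafe pattern: the value is interpolated straight into config text.
    A value containing a line break becomes additional config lines."""
    return f"[{section}]\n{key} = {value}\n"


def is_safe_value(value: str) -> bool:
    """True only if the whole value matches the allow-list."""
    return _SAFE_VALUE.fullmatch(value) is not None


def validate_value(value: str) -> str:
    """Reject anything that could change the structure of the config file."""
    if not is_safe_value(value):
        raise ValueError(f"config value rejected: {value!r}")
    return value


def safe_render(section: str, key: str, value: str) -> str:
    """Validate first, then let configparser do the serialisation."""
    parser = configparser.ConfigParser()
    parser[section] = {key: validate_value(value)}
    buf = io.StringIO()
    parser.write(buf)
    return buf.getvalue()


def entries(rendered: str) -> dict:
    """Parse rendered text back to see which keys actually landed."""
    parser = configparser.ConfigParser()
    parser.read_string(rendered)
    return {s: dict(parser[s]) for s in parser.sections()}


if __name__ == "__main__":
    # Constructed sample input: a plausible sample name followed by a line
    # break that smuggles in a second key (hypothetical key and value).
    tainted = "sample01\nextra_key = injected"
    print(entries(naive_render("assembly", "name", tainted)))
    # -> {'assembly': {'name': 'sample01', 'extra_key': 'injected'}}
    print(is_safe_value(tainted))  # -> False
    print(entries(safe_render("assembly", "name", "sample01")))
    # -> {'assembly': {'name': 'sample01'}}
```

The allow-list is deliberately narrow; a real application would widen it to exactly the characters the field needs rather than blocklisting a few delimiters. Validation belongs at the boundary where the value is accepted, before any write to the configuration file, because downstream consumers of that file may treat its values as commands.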


Affected packages

Versions sourced from the GitHub Security Advisory.

Package        Affected versions   Patched versions
jcvi (PyPI)    <= 1.3.5            none

Affected products

  • ghsa-coords
    Range: <= 1.3.5
  • tanghaibao/jcviv5
    Range: <= 1.3.5
