Critical severity · NVD Advisory · Published Aug 14, 2024 · Updated Aug 15, 2024
Command Injection in sequenceserver
CVE-2024-42360
Description
SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sequenceserver (RubyGems) | < 3.1.2 | 3.1.2 |
Affected products
- wurmlab/sequenceserver (v5), Range: < 3.1.2
References
- github.com/advisories/GHSA-qv32-5wm2-p32h (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-42360 (ghsa, ADVISORY)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/sequenceserver/CVE-2024-42360.yml (ghsa, WEB)
- github.com/wurmlab/sequenceserver/commit/457e52709f7f9ed2fceed59b3db564cb50785dba (ghsa, x_refsource_MISC, WEB)
- github.com/wurmlab/sequenceserver/security/advisories/GHSA-qv32-5wm2-p32h (ghsa, x_refsource_CONFIRM, WEB)