Unrated severity · NVD Advisory · Published Sep 30, 2024 · Updated Sep 30, 2024
Scout contains insufficient output escaping of attachment names
CVE-2024-47531
Description
Scout is a web-based visualizer for VCF files. Because the filename is not sanitized, it is possible to bypass the intended file extension and make users download malicious files with any extension. If malicious content is injected into the file data and users unknowingly download and open the file, this may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89.
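One way to keep an attachment name from overriding the intended extension, as an added example that is not Scout's code and does not reproduce the 4.89 fix. It assumes the name ends up in a Content-Disposition header; `safe_download_name`, `content_disposition` and `ALLOWED_EXTENSIONS` are hypothetical names, and the sample inputs are constructed.

```python
import re
import unicodedata
from pathlib import PurePosixPath
from urllib.parse import quote

# Hypothetical allowlist: the advisory does not list the extensions Scout serves.
ALLOWED_EXTENSIONS = {".pdf", ".vcf", ".txt"}


def safe_download_name(raw_name: str, intended_ext: str) -> str:
    """Return a name that always ends in intended_ext and has no header metacharacters."""
    if intended_ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {intended_ext!r} is not allowlisted")
    name = unicodedata.normalize("NFKC", raw_name)
    # Drop directory components for both separator styles.
    name = PurePosixPath(name.replace("\\", "/")).name
    # Conservative character set: quotes, ';', '=', spaces, CR/LF and NUL become '_'.
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name)
    # Discard every extension supplied with the name, then append the intended one.
    stem = name.split(".", 1)[0].strip("_-") or "attachment"
    return stem[:100] + intended_ext


def content_disposition(raw_name: str, intended_ext: str) -> str:
    """Build the header value from the sanitized name only, never from raw_name."""
    name = safe_download_name(raw_name, intended_ext)
    return f"attachment; filename=\"{name}\"; filename*=UTF-8''{quote(name)}"


if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    samples = [
        "report.pdf",
        "report.pdf.exe",
        'report.pdf"; filename="report.exe',
        "../../report.exe",
        "report.pdf\r\nX-Extra: 1",
        "",
    ]
    for sample in samples:
        print(repr(sample), "->", content_disposition(sample, ".pdf"))
```
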
Affected products
- Range: <= 4.88.1
References
- github.com/Clinical-Genomics/scout/commit/f59e50f8ea596e641da8a0e9c7a33c0696bcbea5 (mitre, x_refsource_MISC)
- github.com/Clinical-Genomics/scout/security/advisories/GHSA-24xv-q29v-3h6r (mitre, x_refsource_CONFIRM)