Description
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named 50d65f45d3f5be5d1fbff2e45ac5cec075f07d42. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218451.
References (4)
Core 4
Core References
Permissions Required, Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.218451
Permissions Required, Third Party Advisory, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.218451
Patch, Third Party Advisory patch
https://github.com/blankenberg/galaxy-data-resource/commit/50d65f45d3f5be5d1fbff2e45ac5cec075f07d42
Third Party Advisory patch
https://github.com/blankenberg/galaxy-data-resource/releases/tag/v14.10.1
Scores
CVSS v3
5.5
EPSS
0.0089
EPSS Percentile
54.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-74
Status
published
Products (1)
galaxyproject/galaxy
< 14.10.1
Published
Jan 17, 2023
Tracked Since
Feb 18, 2026