jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when the application accepts user input without sanitizing it and that input can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions it may lead to command injection, for instance if values from the configuration file are executed as shell code. This vulnerability does not currently have a fix.
History
21 Nov 2024, 08:09
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.1 |
References | () https://github.com/tanghaibao/jcvi/blob/cede6c65c8e7603cb266bc3395ac8f915ea9eac7/jcvi/apps/base.py#LL2227C1-L2228C41 - Product | |
References | () https://github.com/tanghaibao/jcvi/security/advisories/GHSA-x49m-3cw7-gq5q - Vendor Advisory |
05 Jul 2023, 13:52
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1284 | |
First Time | Jcvi Project jcvi, Jcvi Project | |
References | (MISC) https://github.com/tanghaibao/jcvi/security/advisories/GHSA-x49m-3cw7-gq5q - Vendor Advisory | |
References | (MISC) https://github.com/tanghaibao/jcvi/blob/cede6c65c8e7603cb266bc3395ac8f915ea9eac7/jcvi/apps/base.py#LL2227C1-L2228C41 - Product | |
CPE | cpe:2.3:a:jcvi_project:jcvi:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.8 |
23 Jun 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-23 22:15
Updated : 2024-11-21 08:09
NVD link : CVE-2023-35932
Mitre link : CVE-2023-35932
CVE.ORG link : CVE-2023-35932
Products Affected
jcvi_project
- jcvi