jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when the application accepts user input without sanitizing it and that input can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection, for instance if values from the configuration file are executed as shell code. This vulnerability does not currently have a fix.
History
05 Jul 2023, 13:52
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.8 |
CWE | CWE-1284 | |
First Time | Jcvi Project jcvi, Jcvi Project | |
CPE | cpe:2.3:a:jcvi_project:jcvi:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/tanghaibao/jcvi/security/advisories/GHSA-x49m-3cw7-gq5q - Vendor Advisory | |
References | (MISC) https://github.com/tanghaibao/jcvi/blob/cede6c65c8e7603cb266bc3395ac8f915ea9eac7/jcvi/apps/base.py#LL2227C1-L2228C41 - Product | |
23 Jun 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-23 22:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-35932
Mitre link : CVE-2023-35932
CVE.ORG link : CVE-2023-35932
Products Affected
jcvi_project
- jcvi