Description

Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and opening may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89.

INFO

Published Date :

2024-09-30T15:26:49.421Z

Last Modified :

2024-09-30T16:31:07.889Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47531 vulnerability.

Vendors Products
Clinical-genomics
  • Scout
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47531.

URL Resource
https://github.com/Clinical-Genomics/scout/commit/f59e50f8ea596e641da8a0e9c7a33c0696bcbea5 cve-icon cve-icon
https://github.com/Clinical-Genomics/scout/security/advisories/GHSA-24xv-q29v-3h6r cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact