{"id":"GHSA-qv32-5wm2-p32h","summary":"Command Injection in sequenceserver","details":"### Impact\n\nSeveral HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands.\n\n### Patches\n\nFixed in version 3.1.2. All earlier versions are affected, so upgrade to 3.1.2 or later.\n\n### Workarounds\n\nNo known workarounds.\n\n","aliases":["CVE-2024-42360"],"modified":"2024-08-14T22:21:07.046729Z","published":"2024-08-13T21:01:42Z","database_specific":{"severity":"CRITICAL","github_reviewed":true,"nvd_published_at":"2024-08-14T20:15:12Z","github_reviewed_at":"2024-08-13T21:01:42Z","cwe_ids":["CWE-77"]},"references":[{"type":"WEB","url":"https://github.com/wurmlab/sequenceserver/security/advisories/GHSA-qv32-5wm2-p32h"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42360"},{"type":"WEB","url":"https://github.com/wurmlab/sequenceserver/commit/457e52709f7f9ed2fceed59b3db564cb50785dba"},{"type":"WEB","url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sequenceserver/CVE-2024-42360.yml"},{"type":"PACKAGE","url":"https://github.com/wurmlab/sequenceserver"}],"affected":[{"package":{"name":"sequenceserver","ecosystem":"RubyGems","purl":"pkg:gem/sequenceserver"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.2"}]}],"versions":["0.6.7","0.6.8","0.6.9","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.8.7","0.8.7.beta1","0.8.9","1.0.0","1.0.0.pre.1","1.0.0.pre.2","1.0.0.pre.3","1.0.0.pre.4","1.0.0.pre.5","1.0.1","1.0.10","1.0.11","1.0.12","1.0.13","1.0.14","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0.beta","1.1.0.beta10","1.1.0.beta11","1.1.0.beta12","1.1.0.beta2","1.1.0.beta3","1.1.0.beta4","1.1.0.beta5","1.1.0.beta6","1.1.0.beta7","1.1.0.beta8","2.0.0","2.0.0.beta1","2.0.0.beta3","2.0.0.beta4","2.0.0.rc1","2.0.0.rc2","2.0.0.rc3","2.0.0.rc4","2.0.0.rc5","2.0.0.rc6","2.0.0.rc7","2.0.0.rc8","2.1.0","2.2.0","
3.0","3.0.1","3.1.0","3.1.1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-qv32-5wm2-p32h/GHSA-qv32-5wm2-p32h.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}