CVE-2022-1554 – scout-browser

Package

Manager: pip
Name: scout-browser
Vulnerable Version: >=0 <4.52

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00581 pctl0.68089

Details

Path Traversal in scout-browser Scout is a Variant Call Format (VCF) visualization interface. The Pypi package `scout-browser` is vulnerable to path traversal due to `send_file` call in versions prior to 4.52.

Metadata

Created: 2022-05-04T00:00:24Z
Modified: 2022-05-18T19:57:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-694v-63fq-fmr4/GHSA-694v-63fq-fmr4.json
CWE IDs: ["CWE-22", "CWE-36"]
Alternative ID: GHSA-694v-63fq-fmr4
Finding: F063
Auto approve: 1