CVE Alert: CVE-2024-42351
Vulnerability Summary: CVE-2024-42351
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the contents of public datasets resulting in data loss or tampering. All supported branches of Galaxy (and more back to release_21.05) were amended with the below patch. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected Endpoints:
No affected endpoints listed.
Published Date:
9/20/2024, 7:15:15 PM
⚠️ CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://depot.galaxyproject.org/patch/GX-2024-0001/022da344a02bafd604402ac8e253e0014f6e2e08.patch
- https://depot.galaxyproject.org/patch/GX-2024-0001/15060a6cb222f2fcfc687d0f0260f1eb1b9c757b.patch
- https://depot.galaxyproject.org/patch/GX-2024-0001/235f1d8b400708556732b9dda788c919ebf3bb80.patch
- https://github.com/galaxyproject/galaxy/security/advisories/GHSA-5639-cmph-9j4v
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
