Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-q3z8-83e9-ryf9

Summary Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All supported branches of Galaxy (and more back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Aliases

alias	CVE-2024-42346

alias	GHSA-x6w7-3gwf-qr9r

alias	PYSEC-2024-272

alias	PYSEC-2024-273

Fixed_packages

url	pkg:pypi/galaxy-auth@24.1.1
purl	pkg:pypi/galaxy-auth@24.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.1.1

url	pkg:pypi/galaxy-data@24.1.1
purl	pkg:pypi/galaxy-data@24.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.1.1

Affected_packages

url pkg:pypi/galaxy-auth@20.5.0

purl pkg:pypi/galaxy-auth@20.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@20.5.0

url pkg:pypi/galaxy-auth@20.9.0

purl pkg:pypi/galaxy-auth@20.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@20.9.0

url pkg:pypi/galaxy-auth@21.9.0

purl pkg:pypi/galaxy-auth@21.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@21.9.0

url pkg:pypi/galaxy-auth@22.1.1

purl pkg:pypi/galaxy-auth@22.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@22.1.1

url pkg:pypi/galaxy-auth@23.0.1

purl pkg:pypi/galaxy-auth@23.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.1

url pkg:pypi/galaxy-auth@23.0.2

purl pkg:pypi/galaxy-auth@23.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.2

url pkg:pypi/galaxy-auth@23.0.3

purl pkg:pypi/galaxy-auth@23.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.3

url pkg:pypi/galaxy-auth@23.0.4

purl pkg:pypi/galaxy-auth@23.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.4

url pkg:pypi/galaxy-auth@23.0.5

purl pkg:pypi/galaxy-auth@23.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.5

url pkg:pypi/galaxy-auth@23.0.6

purl pkg:pypi/galaxy-auth@23.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.6

url pkg:pypi/galaxy-auth@23.1.1

purl pkg:pypi/galaxy-auth@23.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.1

url pkg:pypi/galaxy-auth@23.1.2

purl pkg:pypi/galaxy-auth@23.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.2

url pkg:pypi/galaxy-auth@23.1.3

purl pkg:pypi/galaxy-auth@23.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.3

url pkg:pypi/galaxy-auth@23.1.4

purl pkg:pypi/galaxy-auth@23.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.4

url pkg:pypi/galaxy-auth@23.1.dev0

purl pkg:pypi/galaxy-auth@23.1.dev0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.dev0

url pkg:pypi/galaxy-auth@23.2.1

purl pkg:pypi/galaxy-auth@23.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.2.1

url pkg:pypi/galaxy-auth@24.0.0

purl pkg:pypi/galaxy-auth@24.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.0.0

url pkg:pypi/galaxy-auth@24.0.1

purl pkg:pypi/galaxy-auth@24.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.0.1

url pkg:pypi/galaxy-auth@24.0.2

purl pkg:pypi/galaxy-auth@24.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.0.2

url pkg:pypi/galaxy-auth@24.0.3

purl pkg:pypi/galaxy-auth@24.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.0.3

url pkg:pypi/galaxy-data@19.9.0.dev0

purl pkg:pypi/galaxy-data@19.9.0.dev0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@19.9.0.dev0

url pkg:pypi/galaxy-data@19.9.0.dev1

purl pkg:pypi/galaxy-data@19.9.0.dev1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@19.9.0.dev1

url pkg:pypi/galaxy-data@19.9.0.dev2

purl pkg:pypi/galaxy-data@19.9.0.dev2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@19.9.0.dev2

url pkg:pypi/galaxy-data@19.9.0.dev3

purl pkg:pypi/galaxy-data@19.9.0.dev3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@19.9.0.dev3

url pkg:pypi/galaxy-data@20.5.0

purl pkg:pypi/galaxy-data@20.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@20.5.0

url pkg:pypi/galaxy-data@20.9.0

purl pkg:pypi/galaxy-data@20.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@20.9.0

url pkg:pypi/galaxy-data@20.9.1

purl pkg:pypi/galaxy-data@20.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@20.9.1

url pkg:pypi/galaxy-data@21.9.0

purl pkg:pypi/galaxy-data@21.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@21.9.0

url pkg:pypi/galaxy-data@22.1.1

purl pkg:pypi/galaxy-data@22.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@22.1.1

url pkg:pypi/galaxy-data@23.0.1

purl pkg:pypi/galaxy-data@23.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.1

url pkg:pypi/galaxy-data@23.0.2

purl pkg:pypi/galaxy-data@23.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.2

url pkg:pypi/galaxy-data@23.0.3

purl pkg:pypi/galaxy-data@23.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.3

url pkg:pypi/galaxy-data@23.0.4

purl pkg:pypi/galaxy-data@23.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.4

url pkg:pypi/galaxy-data@23.0.5

purl pkg:pypi/galaxy-data@23.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.5

url pkg:pypi/galaxy-data@23.0.6

purl pkg:pypi/galaxy-data@23.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.6

url pkg:pypi/galaxy-data@23.1.dev0

purl pkg:pypi/galaxy-data@23.1.dev0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.dev0

url pkg:pypi/galaxy-data@23.1.1

purl pkg:pypi/galaxy-data@23.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.1

url pkg:pypi/galaxy-data@23.1.2

purl pkg:pypi/galaxy-data@23.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.2

url pkg:pypi/galaxy-data@23.1.3

purl pkg:pypi/galaxy-data@23.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.3

url pkg:pypi/galaxy-data@23.1.4

purl pkg:pypi/galaxy-data@23.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.4

url pkg:pypi/galaxy-data@23.2.1

purl pkg:pypi/galaxy-data@23.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.2.1

url pkg:pypi/galaxy-data@24.0.0

purl pkg:pypi/galaxy-data@24.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.0.0

url pkg:pypi/galaxy-data@24.0.1

purl pkg:pypi/galaxy-data@24.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.0.1

url pkg:pypi/galaxy-data@24.0.2

purl pkg:pypi/galaxy-data@24.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.0.2

url pkg:pypi/galaxy-data@24.0.3

purl pkg:pypi/galaxy-data@24.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q3z8-83e9-ryf9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.0.3

References

reference_url

https://github.com/galaxyproject/galaxy/security/advisories/GHSA-x6w7-3gwf-qr9r

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://github.com/galaxyproject/galaxy/security/advisories/GHSA-x6w7-3gwf-qr9r

Weaknesses

Exploits

Severity_range_score 5.4 - 5.4

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q3z8-83e9-ryf9

Vulnerability Instance