Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2qzw-8ga2-2yd5

Summary Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All supported branches of Galaxy (and more back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Aliases

alias	CVE-2024-42346

alias	GHSA-x6w7-3gwf-qr9r

alias	PYSEC-2024-272

alias	PYSEC-2024-273

Fixed_packages

url	pkg:pypi/galaxy-auth@24.1.1
purl	pkg:pypi/galaxy-auth@24.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.1.1

url	pkg:pypi/galaxy-data@24.1.1
purl	pkg:pypi/galaxy-data@24.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.1.1

Affected_packages

url pkg:pypi/galaxy-auth@20.5.0

purl pkg:pypi/galaxy-auth@20.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@20.5.0

url pkg:pypi/galaxy-auth@20.9.0

purl pkg:pypi/galaxy-auth@20.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@20.9.0

url pkg:pypi/galaxy-auth@21.9.0

purl pkg:pypi/galaxy-auth@21.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@21.9.0

url pkg:pypi/galaxy-auth@22.1.1

purl pkg:pypi/galaxy-auth@22.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@22.1.1

url pkg:pypi/galaxy-auth@23.0.1

purl pkg:pypi/galaxy-auth@23.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.1

url pkg:pypi/galaxy-auth@23.0.2

purl pkg:pypi/galaxy-auth@23.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.2

url pkg:pypi/galaxy-auth@23.0.3

purl pkg:pypi/galaxy-auth@23.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.3

url pkg:pypi/galaxy-auth@23.0.4

purl pkg:pypi/galaxy-auth@23.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.4

url pkg:pypi/galaxy-auth@23.0.5

purl pkg:pypi/galaxy-auth@23.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.5

url pkg:pypi/galaxy-auth@23.0.6

purl pkg:pypi/galaxy-auth@23.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.0.6

url pkg:pypi/galaxy-auth@23.1.dev0

purl pkg:pypi/galaxy-auth@23.1.dev0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.dev0

url pkg:pypi/galaxy-auth@23.1.1

purl pkg:pypi/galaxy-auth@23.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.1

url pkg:pypi/galaxy-auth@23.1.2

purl pkg:pypi/galaxy-auth@23.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.2

url pkg:pypi/galaxy-auth@23.1.3

purl pkg:pypi/galaxy-auth@23.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.3

url pkg:pypi/galaxy-auth@23.1.4

purl pkg:pypi/galaxy-auth@23.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.1.4

url pkg:pypi/galaxy-auth@23.2.1

purl pkg:pypi/galaxy-auth@23.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@23.2.1

url pkg:pypi/galaxy-auth@24.0.0

purl pkg:pypi/galaxy-auth@24.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.0.0

url pkg:pypi/galaxy-auth@24.0.1

purl pkg:pypi/galaxy-auth@24.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.0.1

url pkg:pypi/galaxy-auth@24.0.2

purl pkg:pypi/galaxy-auth@24.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.0.2

url pkg:pypi/galaxy-auth@24.0.3

purl pkg:pypi/galaxy-auth@24.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-auth@24.0.3

url pkg:pypi/galaxy-data@19.9.0.dev0

purl pkg:pypi/galaxy-data@19.9.0.dev0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@19.9.0.dev0

url pkg:pypi/galaxy-data@19.9.0.dev1

purl pkg:pypi/galaxy-data@19.9.0.dev1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@19.9.0.dev1

url pkg:pypi/galaxy-data@19.9.0.dev2

purl pkg:pypi/galaxy-data@19.9.0.dev2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@19.9.0.dev2

url pkg:pypi/galaxy-data@19.9.0.dev3

purl pkg:pypi/galaxy-data@19.9.0.dev3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@19.9.0.dev3

url pkg:pypi/galaxy-data@20.5.0

purl pkg:pypi/galaxy-data@20.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@20.5.0

url pkg:pypi/galaxy-data@20.9.0

purl pkg:pypi/galaxy-data@20.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@20.9.0

url pkg:pypi/galaxy-data@20.9.1

purl pkg:pypi/galaxy-data@20.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@20.9.1

url pkg:pypi/galaxy-data@21.9.0

purl pkg:pypi/galaxy-data@21.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@21.9.0

url pkg:pypi/galaxy-data@22.1.1

purl pkg:pypi/galaxy-data@22.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@22.1.1

url pkg:pypi/galaxy-data@23.0.1

purl pkg:pypi/galaxy-data@23.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.1

url pkg:pypi/galaxy-data@23.0.2

purl pkg:pypi/galaxy-data@23.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.2

url pkg:pypi/galaxy-data@23.0.3

purl pkg:pypi/galaxy-data@23.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.3

url pkg:pypi/galaxy-data@23.0.4

purl pkg:pypi/galaxy-data@23.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.4

url pkg:pypi/galaxy-data@23.0.5

purl pkg:pypi/galaxy-data@23.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.5

url pkg:pypi/galaxy-data@23.0.6

purl pkg:pypi/galaxy-data@23.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.0.6

url pkg:pypi/galaxy-data@23.1.dev0

purl pkg:pypi/galaxy-data@23.1.dev0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.dev0

url pkg:pypi/galaxy-data@23.1.1

purl pkg:pypi/galaxy-data@23.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.1

url pkg:pypi/galaxy-data@23.1.2

purl pkg:pypi/galaxy-data@23.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.2

url pkg:pypi/galaxy-data@23.1.3

purl pkg:pypi/galaxy-data@23.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.3

url pkg:pypi/galaxy-data@23.1.4

purl pkg:pypi/galaxy-data@23.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.1.4

url pkg:pypi/galaxy-data@23.2.1

purl pkg:pypi/galaxy-data@23.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@23.2.1

url pkg:pypi/galaxy-data@24.0.0

purl pkg:pypi/galaxy-data@24.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.0.0

url pkg:pypi/galaxy-data@24.0.1

purl pkg:pypi/galaxy-data@24.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.0.1

url pkg:pypi/galaxy-data@24.0.2

purl pkg:pypi/galaxy-data@24.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.0.2

url pkg:pypi/galaxy-data@24.0.3

purl pkg:pypi/galaxy-data@24.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qzw-8ga2-2yd5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/galaxy-data@24.0.3

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-42346

reference_id

reference_type

scores

value	0.10297
scoring_system	epss
scoring_elements	0.93343
published_at	2026-06-11T12:55:00Z

value	0.10297
scoring_system	epss
scoring_elements	0.93364
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-42346

reference_url

https://github.com/galaxyproject/galaxy/security/advisories/GHSA-x6w7-3gwf-qr9r

reference_id

GHSA-x6w7-3gwf-qr9r

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-20T20:09:17Z/

url

https://github.com/galaxyproject/galaxy/security/advisories/GHSA-x6w7-3gwf-qr9r

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Exploits

Severity_range_score 5.4 - 7.6

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qzw-8ga2-2yd5

Vulnerability Instance