scout-browser@4.51 vulnerabilities

Clinical DNA variant visualizer and browser.

Direct Vulnerabilities

Known vulnerabilities in the scout-browser package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
URL Redirection to Untrusted Site ('Open Redirect')

scout-browser is a Clinical DNA variant visualizer and browser.

Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') due to absence of sanitization logic of next parameter in /login API endpoint. The attacker can redirect victims to a controlled malicious website attempting to steal sensitive information.

Note: Due to lack of scheme validation, the attacker can attempt to perform HTTPS Downgrade Attack to perform Man-in-the-Middle attack to steal sessions to perform account takeover.

How to fix URL Redirection to Untrusted Site ('Open Redirect')?

Upgrade scout-browser to version 4.89 or higher.

[,4.89)
  • M
Improper Escaping of Output

scout-browser is a Clinical DNA variant visualizer and browser.

Affected versions of this package are vulnerable to Improper Escaping of Output due to the lack of sanitization in the controllers.downloaded_panel_name function. An attacker can inject malicious data inside the file and upload it with filename containing malicious extension, making the victim unknowingly download malicious files, which may lead to the compromise of their devices or data.

How to fix Improper Escaping of Output?

Upgrade scout-browser to version 4.89 or higher.

[,4.89)
  • C
Server-side Request Forgery (SSRF)

scout-browser is a Clinical DNA variant visualizer and browser.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). Pypi package scout-browser (GitHub repository clinical-genomics/scout) prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting.

How to fix Server-side Request Forgery (SSRF)?

Upgrade scout-browser to version 4.52 or higher.

[,4.52)
  • M
Directory Traversal

scout-browser is a Clinical DNA variant visualizer and browser.

Affected versions of this package are vulnerable to Directory Traversal due to improper user-input sanitization, via to the send_file call.

How to fix Directory Traversal?

Upgrade scout-browser to version 4.52 or higher.

[,4.52)