scout-browser@4.63 vulnerabilities

Clinical DNA variant visualizer and browser.

Direct Vulnerabilities

Known vulnerabilities in the scout-browser package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
URL Redirection to Untrusted Site ('Open Redirect')

scout-browser is a Clinical DNA variant visualizer and browser.

Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') due to absence of sanitization logic of next parameter in /login API endpoint. The attacker can redirect victims to a controlled malicious website attempting to steal sensitive information.

Note: Due to lack of scheme validation, the attacker can attempt to perform HTTPS Downgrade Attack to perform Man-in-the-Middle attack to steal sessions to perform account takeover.

How to fix URL Redirection to Untrusted Site ('Open Redirect')?

Upgrade scout-browser to version 4.89 or higher.

[,4.89)
  • M
Improper Escaping of Output

scout-browser is a Clinical DNA variant visualizer and browser.

Affected versions of this package are vulnerable to Improper Escaping of Output due to the lack of sanitization in the controllers.downloaded_panel_name function. An attacker can inject malicious data inside the file and upload it with filename containing malicious extension, making the victim unknowingly download malicious files, which may lead to the compromise of their devices or data.

How to fix Improper Escaping of Output?

Upgrade scout-browser to version 4.89 or higher.

[,4.89)