scout-browser@4.72.4 vulnerabilities

Clinical DNA variant visualizer and browser.

latest version

4.91.1
latest non vulnerable version

4.91.1
first published

9 years ago
latest version published

2 days ago
licenses detected
- BSD-2-Clause
  [0,)
View scout-browser package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the scout-browser package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M URL Redirection to Untrusted Site ('Open Redirect') scout-browser is a Clinical DNA variant visualizer and browser. Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') due to absence of sanitization logic of `next` parameter in `/login` API endpoint. The attacker can redirect victims to a controlled malicious website attempting to steal sensitive information. Note: Due to lack of scheme validation, the attacker can attempt to perform HTTPS Downgrade Attack to perform Man-in-the-Middle attack to steal sessions to perform account takeover. How to fix URL Redirection to Untrusted Site ('Open Redirect')? Upgrade `scout-browser` to version 4.89 or higher.	[,4.89)
M Improper Escaping of Output scout-browser is a Clinical DNA variant visualizer and browser. Affected versions of this package are vulnerable to Improper Escaping of Output due to the lack of sanitization in the `controllers.downloaded_panel_name` function. An attacker can inject malicious data inside the file and upload it with filename containing malicious extension, making the victim unknowingly download malicious files, which may lead to the compromise of their devices or data. How to fix Improper Escaping of Output? Upgrade `scout-browser` to version 4.89 or higher.	[,4.89)

URL Redirection to Untrusted Site ('Open Redirect')

scout-browser is a Clinical DNA variant visualizer and browser.

Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') due to absence of sanitization logic of next parameter in /login API endpoint. The attacker can redirect victims to a controlled malicious website attempting to steal sensitive information.

Note: Due to lack of scheme validation, the attacker can attempt to perform HTTPS Downgrade Attack to perform Man-in-the-Middle attack to steal sessions to perform account takeover.

How to fix URL Redirection to Untrusted Site ('Open Redirect')?

Upgrade scout-browser to version 4.89 or higher.

[,4.89)

Improper Escaping of Output

scout-browser is a Clinical DNA variant visualizer and browser.

Affected versions of this package are vulnerable to Improper Escaping of Output due to the lack of sanitization in the controllers.downloaded_panel_name function. An attacker can inject malicious data inside the file and upload it with filename containing malicious extension, making the victim unknowingly download malicious files, which may lead to the compromise of their devices or data.

How to fix Improper Escaping of Output?

Upgrade scout-browser to version 4.89 or higher.

[,4.89)

Go back to all versions of this package

scout-browser@4.72.4 vulnerabilities

Clinical DNA variant visualizer and browser.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities