Homepage
About Snyk

Improper Escaping of Output Affecting scout-browser package, versions [,4.89)

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    Exploit Maturity
    Proof of concept
    EPSS
    0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-SCOUTBROWSER-8136836
  • published 1 Oct 2024
  • disclosed 30 Sep 2024
  • credit Letm3through
Report a new vulnerability Found a mistake?

Introduced: 30 Sep 2024

CVE-2024-47531 Open this link in a new tab
CWE-116 Open this link in a new tab

How to fix?

Upgrade scout-browser to version 4.89 or higher.

Overview

scout-browser is a Clinical DNA variant visualizer and browser.

Affected versions of this package are vulnerable to Improper Escaping of Output due to the lack of sanitization in the controllers.downloaded_panel_name function. An attacker can inject malicious data inside the file and upload it with filename containing malicious extension, making the victim unknowingly download malicious files, which may lead to the compromise of their devices or data.

CVSS Scores

version 4.0
version 3.1
Expand this section

Snyk

Recommended
6.1 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Attack Requirements (AT)
    None
  • Privileges Required (PR)
    Low
  • User Interaction (UI)
    Passive
  • Confidentiality (VC)
    Low
  • Integrity (VI)
    Low
  • Availability (VA)
    None
  • Confidentiality (SC)
    High
  • Integrity (SI)
    None
  • Availability (SA)
    None