Path Traversal due to `send_file` call in clinical-genomics/scout
CVE-2022-1554

6.8MEDIUM

Key Information:

Vendor: Clinical-genomics
Status: Clinical-genomics/scout
Vendor: CVE Published:; 3 May 2022

🔔 Create Clinical-genomics Vulnerability Alert

What is CVE-2022-1554?

Path Traversal due to send_file call in GitHub repository clinical-genomics/scout prior to 4.52.

Affected Version(s)

clinical-genomics/scout < 4.52

References

https://huntr.dev/bounties/7acac778-5ba4-4f02-99e2-e4e17a...

x_refsource_CONFIRM

https://github.com/clinical-genomics/scout/commit/952a2e2...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2022
Vulnerability Reserved
May 3, 2022

.

CVE-2022-1554 : Path Traversal due to `send_file` call in clinical-genomics/scout