HIGH 8.2
PYSEC-2026-750
Server-Side Request Forgery in scout-browser
상세
Pypi package scout-browser (GitHub repository clinical-genomics/scout) prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2022-1592 [ADVISORY]
- https://github.com/Clinical-Genomics/scout/issues/3325 [WEB]
- https://github.com/Clinical-Genomics/scout/pull/3326 [WEB]
- https://github.com/clinical-genomics/scout/commit/b0ef15f4737d0c801154c1991b52ff5cab4f5c83 [WEB]
- https://github.com/clinical-genomics/scout [PACKAGE]
- https://huntr.dev/bounties/352b39da-0f2e-415a-9793-5480cae8bd27 [WEB]
- https://pypi.org/project/scout-browser [PACKAGE]
- https://github.com/advisories/GHSA-g53g-q539-93cv [ADVISORY]