CVE-2023-32637

Summary

GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server.

Affected Software

VendorProductVersion RangeStatus
Generic Model Organism Database ProjectGBrowseunspecifiedaffected

Weaknesses

  • Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References