Improper Validation of Specified Quantity in Input

CVE-2023-35932

High

8.8/10

Summary

Jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability affects jcvi versions through 1.3.5.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1284 - Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References

Advisory

Advisory Timeline

Published Jun 23, 2023

Improper Validation of Specified Quantity in Input

CVE-2023-35932

Summary

CWE-1284 - Improper Validation of Specified Quantity in Input

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS