Ubuntu
gbrowse package

Overview
Code
Bugs
Blueprints
Translations
Answers

CVE-2023-32637

Bug #2102272 reported by Bug Importer on 2025-04-24

256

This bug affects 1 person

	Status	Importance	Assigned to
Simple Database Project	Fix Released	High	Unassigned
gbrowse (Ubuntu)	New	High	Unassigned
Trusty	Won't Fix	High	Unassigned
Xenial	Won't Fix	High	Unassigned

Bug Description

GBrowse accepts files with any formats uploaded and places them in the area
accessible through unauthenticated web requests. Therefore, anyone who can
upload files through the product may execute arbitrary code on the server.

References:
https://jvn.jp/en/jp/JVN35897618/
https://jbrowse.org/jb2/
http://gmod.org/wiki/GBrowse
https://www.cve.org/CVERecord?id=CVE-2023-32637

CVE References

2023-32637

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntugbrowse package