Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-42351
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-20 Sep, 2024 | 19:15
Updated At-15 Aug, 2025 | 14:17

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the contents of public datasets resulting in data loss or tampering. All supported branches of Galaxy (and more back to release_21.05) were amended with the below patch. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
galaxyproject
galaxyproject
>>galaxy>>Versions before 21.05(exclusive)
cpe:2.3:a:galaxyproject:galaxy:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarysecurity-advisories@github.com
NVD-CWE-noinfoPrimarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://depot.galaxyproject.org/patch/GX-2024-0001/022da344a02bafd604402ac8e253e0014f6e2e08.patchsecurity-advisories@github.com
Patch
https://depot.galaxyproject.org/patch/GX-2024-0001/15060a6cb222f2fcfc687d0f0260f1eb1b9c757b.patchsecurity-advisories@github.com
Patch
https://depot.galaxyproject.org/patch/GX-2024-0001/235f1d8b400708556732b9dda788c919ebf3bb80.patchsecurity-advisories@github.com
Patch
https://github.com/galaxyproject/galaxy/security/advisories/GHSA-5639-cmph-9j4vsecurity-advisories@github.com
Patch
Vendor Advisory
Change History
0Changes found
Details not found