West Shepherd

**Name of the Vulnerable Software and Affected Versions** MicrobeTRACE version 0.1.11 **Description** The issue allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type="text/javascript" src=' line. **Recommendations** For MicrobeTRACE version 0.1.11, update to a version released after 2018-03-28 to resolve the issue. As a temporary workaround, consider restricting the import of CSV files or validating their content to prevent code injection.

**Name of the Vulnerable Software and Affected Versions** MicrobeTRACE version 0.1.12 **Description** The issue allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '><script type="text/javascript" src=' line. **Recommendations** For MicrobeTRACE version 0.1.12, update to a version released after 2018-03-29 to resolve the issue. As a temporary workaround, consider restricting the import of CSV files or validating their content to prevent code injection attacks.

**Name of the Vulnerable Software and Affected Versions** ERS Data System version 1.8.1.0 **Description** The issue allows remote attackers to execute arbitrary code. It is related to the deserialization of the `com.branaghgroup.ecers.update.UpdateRequest` object. **Recommendations** For ERS Data System version 1.8.1.0, consider restricting the deserialization of the `com.branaghgroup.ecers.update.UpdateRequest` object to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.