Galaxy: CVE-2022-23470
**Name of the Vulnerable Software and Affected Versions**
Galaxy versions 22.01 and higher
**Description**
Galaxy is an open-source platform for data analysis. An arbitrary file read exists due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This issue is mitigated when using Nginx or Apache to serve /static/* contents, instead of Galaxy's internal middleware.
**Recommendations**
For Galaxy versions 22.01 and higher, users are advised to manually patch their installations using commit `e5e6bda4f`. As a temporary workaround, consider using Nginx or Apache to serve /static/* contents instead of Galaxy's internal middleware to minimize the risk of exploitation.
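The workaround above, serving /static/* straight from disk and leaving only application requests to Gunicorn, can be expressed as a minimal Nginx server block. This is an added example and is not configuration from the Galaxy project or from this advisory; the static directory (`/srv/galaxy/server/static/`), the Gunicorn listen address (`127.0.0.1:8080`) and the server name are assumptions that must be adjusted to the local installation.

```nginx
# Added example (not Galaxy's own config). Paths, ports and names are assumptions.
upstream galaxy_gunicorn {
    # Address on which Gunicorn is bound (assumption: localhost:8080).
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl;
    server_name galaxy.example.org;   # assumption

    ssl_certificate     /etc/ssl/galaxy.pem;    # assumption
    ssl_certificate_key /etc/ssl/galaxy.key;    # assumption

    # Serve static assets directly from the filesystem so that requests under
    # /static/ never reach Galaxy's internal static middleware. The trailing
    # slash on both the location and the alias keeps the mapping exact.
    location /static/ {
        alias /srv/galaxy/server/static/;       # assumption
        expires 24h;
    }

    # Everything else is application traffic and is proxied to Gunicorn.
    location / {
        proxy_pass http://galaxy_gunicorn;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After reloading Nginx, confirm the split with the access log: a request for a known asset under /static/ should be answered by Nginx without a corresponding entry in Gunicorn's log, while a request to any other path should appear upstream. The workaround reduces exposure of the static handler but does not replace applying commit `e5e6bda4f`.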