CVE-2019-9944

Name of the Vulnerable Software and Affected Versions Open Microscopy Environment OMERO.server versions 5.0.0 through 5.6.0

Description The issue allows the reading of files from imported image filesets to circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames.

Recommendations For versions 5.0.0 through 5.6.0, consider disabling the Bio-Formats feature until a patch is available to prevent the circumvention of OMERO permissions restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.