CVE-2023-42812

Name of the Vulnerable Software and Affected Versions Galaxy versions prior to 22.05

Description Galaxy is an open-source platform for FAIR data analysis. It is vulnerable to server-side request forgery, which allows a malicious entity to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses.

Recommendations For Galaxy versions prior to 22.05, update to version 22.05 to resolve the issue. As a temporary workaround, consider restricting access to internal hosts to minimize the risk of exploitation.