PT-2024-29883 · Galaxy · Galaxy

Partywavesec · Published 2024-09-20 · Updated 2025-08-15 · CVE-2024-42346

CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Galaxy versions prior to the latest patched version

Description: The issue concerns the editor visualization, specifically the "/visualizations" endpoint, which can be used to store HTML tags that trigger JavaScript execution when the stored visualization is later opened for editing (a stored XSS). Users are advised to upgrade, as there are no known workarounds for this issue.

Recommendations: For all affected versions of Galaxy, upgrade to the latest version that includes the supplied patches to resolve the issue. As a temporary workaround, consider restricting access to the "/visualizations" endpoint until the upgrade is applied.
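The following is an added illustration of the bug class described above and its standard mitigation; it is not Galaxy's own code, and the in-memory store, the function names (`save_visualization`, `render_editor_unsafe`, `render_editor_safe`, `contains_markup`) and the sample title are constructed for this example. A visualization title stored verbatim and interpolated into the editor's HTML is parsed as markup when the edit view loads; escaping the same stored value at render time makes the browser display the tags as text instead.

```python
import html

# Constructed in-memory store standing in for the records behind a
# "/visualizations" endpoint; this is not Galaxy's data model.
_visualizations = {}


def save_visualization(vis_id, title):
    """Store a user-supplied title verbatim.

    Keeping the raw value and escaping on output is the usual choice:
    stripping markup at write time is easy to get wrong and leaves any
    already-stored records unprotected.
    """
    _visualizations[vis_id] = {"title": title}
    return _visualizations[vis_id]


def render_editor_unsafe(vis_id):
    """Vulnerable pattern: raw interpolation of stored data into HTML.

    Whatever tags the title contains become part of the page as soon as
    the editor is opened for this record.
    """
    title = _visualizations[vis_id]["title"]
    return f"<h1>Editing: {title}</h1>"


def render_editor_safe(vis_id):
    """Hardened pattern: HTML-escape the stored value at render time.

    html.escape(quote=True) rewrites <, >, &, " and ' so the browser
    treats the title as text, not as markup or attribute content.
    """
    title = html.escape(_visualizations[vis_id]["title"], quote=True)
    return f"<h1>Editing: {title}</h1>"


def contains_markup(rendered, raw_title):
    """Check helper for tests: did the raw title survive into the HTML unchanged?"""
    return raw_title in rendered


if __name__ == "__main__":
    # Constructed sample title carrying a harmless tag; the point is whether
    # the tag is interpreted by the browser, not what it does.
    sample = "<b>chart</b>"
    save_visualization("vis-1", sample)
    print("unsafe:", render_editor_unsafe("vis-1"))
    print("safe:  ", render_editor_safe("vis-1"))
```

In a real template engine the same effect comes from leaving autoescaping on for every value that originates from a stored record; the render-time escape here is the minimal form of that rule.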

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-42346
GHSA-X6W7-3GWF-QR9R
PYSEC-2024-272
PYSEC-2024-273

Affected Products

Galaxy