Safety vulnerability ID: 40088
The information on this page was manually curated by our Cybersecurity Intelligence Team.
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0. See CVE-2021-21376.
Latest version: 5.25.0
OMERO.web
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0. See CVE-2021-21376.
CONFIRM:https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q: https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q
MISC:https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021: https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021
MISC:https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c: https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c
MISC:https://pypi.org/project/omero-web/: https://pypi.org/project/omero-web/
MISC:https://www.openmicroscopy.org/security/advisories/2021-SV1/: https://www.openmicroscopy.org/security/advisories/2021-SV1/
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application