> Date: Thu, 31 Jul 2014 14:55:57 -0400
> From: Nate Coraor
> To: Galaxy Development ,
> galaxy-annou...@lists.bx.psu.edu
> Subject: [galaxy-dev] Galaxy Security Vulnerability
> Message-ID:
> Content-Type: text/plain; charset="us-ascii"
>
> A security v
hand?
Regards,
Damion
Message: 7
Date: Thu, 31 Jul 2014 14:55:57 -0400
From: Nate Coraor
To: Galaxy Development ,
galaxy-annou...@lists.bx.psu.edu
Subject: [galaxy-dev] Galaxy Security Vulnerability
Message-ID:
Content-Type: text/plain; charset="us-ascii"
A security vulnerability was recently discovered by Inge Alexander Raknes that
would allow a malicious person to execute arbitrary code on a Galaxy server.
The vulnerability was in a method that uses Python "pickle" functionality to
decode state information from tool forms. Because pickles can b
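
The risk the advisory describes, shown as an added example (not code from Galaxy or from this message): decoding a pickle runs whatever callable the pickle names, here the harmless builtin `sorted`. The two alternatives, `NoGlobalsUnpickler` and the HMAC-signed JSON helpers, are assumptions chosen for illustration, as are all names, the key and the sample state.

```python
import hashlib, hmac, io, json, pickle

SECRET = b"constructed-demo-key"  # assumption: a server-side key the client never sees

class Crafted:
    """Constructed stand-in for sender-controlled data: its pickle names a callable."""
    def __reduce__(self):
        return (sorted, ([3, 1, 2],))  # harmless builtin, invoked by the decoder

def crafted_blob():
    return pickle.dumps(Crafted())

def decode_unsafe(blob):
    # The risky pattern: whatever callable the pickle names is run during load.
    return pickle.loads(blob)

class NoGlobalsUnpickler(pickle.Unpickler):
    """Rejects every global lookup; only plain containers and scalars decode."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def decode_restricted(blob):
    return NoGlobalsUnpickler(io.BytesIO(blob)).load()

def encode_signed(state):
    # JSON carries data only; the HMAC lets the server detect client tampering.
    body = json.dumps(state, sort_keys=True).encode()
    tag = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    return tag + b":" + body

def decode_signed(blob):
    tag, _, body = blob.partition(b":")
    expected = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):  # verify before parsing
        raise ValueError("state was modified or not issued by this server")
    return json.loads(body)

if __name__ == "__main__":
    state = {"tool": "example_tool", "page": 1}  # constructed form state
    print(decode_unsafe(crafted_blob()))
    print(decode_restricted(pickle.dumps(state)))
    print(decode_signed(encode_signed(state)))
```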