Re: [galaxy-dev] Galaxy Security Vulnerability

2014-08-05 Thread Dooley, Damion
, Damion
Message: 7
Date: Thu, 31 Jul 2014 14:55:57 -0400
From: Nate Coraor n...@bx.psu.edu
To: Galaxy Development galaxy-dev@lists.bx.psu.edu, galaxy-annou...@lists.bx.psu.edu
Subject: [galaxy-dev] Galaxy Security Vulnerability
Message-ID: d482333d-384e-49c8-8dd8-c752e4b0a...@bx.psu.edu

[galaxy-dev] Galaxy Security Vulnerability

2014-07-31 Thread Nate Coraor
A security vulnerability was recently discovered by Inge Alexander Raknes that would allow a malicious person to execute arbitrary code on a Galaxy server. The vulnerability was in a method that uses Python pickle functionality to decode state information from tool forms. Because pickles can be