CVE-2023-32637
Publication date 25 July 2023
Last updated 26 August 2025
Ubuntu priority
Description
GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server.
Read the notes from the security team
Why is this CVE high priority?
This has a high priority because it is a vulnerability that allows a remote attacker to execute code in a machine, and it looks to be easily exploitable given that it involves regular functionalities provided by the application.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| gbrowse | 25.04 plucky |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty | Ignored end of standard support |
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.8 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |