affects OMERO.web versions prior to 5.9.0
OMERO.web exposes some unnecessary session information in the page.
OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release.
This vulnerability is identified as CVE-2021-21376 and GHSA-gfp2-w5jm-955q.
OMERO.web before 5.9.0.
All OMERO.web should be upgraded to at least 5.9.0.
© 2005-2024 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 4.0 International License
OME source code is available under the GNU General public license or more permissive open source licenses, or through commercial license from Glencoe Software Inc.
OME, Bio-Formats, OMERO, IDR and their associated logos are trademarks of Glencoe Software Inc., which holds these marks to protect them on behalf of the OME community.
[ Site Map ]
Version: 2024.04.15