Tripal BLAST UI - Highly Critical - Remote Code Execution
* Advisory ID: DRUPAL-SA-CONTRIB-2016-054
* Project: Tripal BLAST UI (third-party module)
* Version: 7.x
* Date: 2016-October-26
* Security risk: 20/25 (Highly Critical)
* Vulnerability: Remote code execution
DESCRIPTION
This module enables you to run NCBI BLAST jobs on the host system.
The module doesn't sufficiently validate advanced options available to users
submitting BLAST jobs, thereby exposing the ability to enter a short snippet
of shell code that will be executed when the BLAST job is run.
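
The following is an added example, not code from the Tripal BLAST UI module or its fix. It shows one way to handle user-supplied advanced options safely: accept only allowlisted option names with strictly formatted values, then quote each argument individually. The option set, value patterns, function names and sample inputs are assumptions chosen for illustration.

```php
<?php
// Added illustration, not Tripal BLAST UI code. The option set, value
// formats and function names are assumptions made for this example.

// Allowlist of advanced options mapped to the pattern their value must match.
function blast_option_rules() {
  return [
    'evalue'          => '/\A\d+(\.\d+)?([eE][-+]?\d{1,3})?\z/', // 0.001, 1e-5
    'word_size'       => '/\A[1-9]\d{0,2}\z/',
    'max_target_seqs' => '/\A[1-9]\d{0,4}\z/',
  ];
}

// Builds the argument list for a blastn run from user-submitted options.
// Unknown names and malformed values are rejected, never "cleaned up".
function build_blast_argv($query_file, $db, array $user_options) {
  $rules = blast_option_rules();
  $argv = ['blastn', '-query', $query_file, '-db', $db];
  foreach ($user_options as $name => $value) {
    if (!is_string($name) || !array_key_exists($name, $rules)) {
      throw new InvalidArgumentException('Option not allowed: ' . var_export($name, TRUE));
    }
    if (!is_string($value) || preg_match($rules[$name], $value) !== 1) {
      throw new InvalidArgumentException("Invalid value for $name");
    }
    $argv[] = '-' . $name;
    $argv[] = $value;
  }
  return $argv;
}

// Quotes every argument separately so the shell sees each one as a single word.
function argv_to_command(array $argv) {
  return implode(' ', array_map('escapeshellarg', $argv));
}

// Constructed sample submissions: one well-formed, one carrying shell syntax.
$samples = [
  ['evalue' => '1e-5', 'word_size' => '11'],
  ['evalue' => '1e-5; id'],
];
foreach ($samples as $options) {
  try {
    echo argv_to_command(build_blast_argv('/tmp/query.fasta', 'nt', $options)), "\n";
  }
  catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
  }
}
```

The patterns are anchored with \A and \z so a value cannot pass validation with trailing characters or a trailing newline. Rejecting the whole submission on the first bad option avoids running a job with a partially sanitized command line.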