Pypi package scout-browser (GitHub repository clinical-genomics/scout) prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-1592
• Clinical-Genomics/scout@b0ef15f
• https://huntr.dev/bounties/352b39da-0f2e-415a-9793-5480cae8bd27
• Clinical-Genomics/scout#3325
• Clinical-Genomics/scout#3326