Background

OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release.

Impact

OMERO.web before 5.9.0

Patches

5.9.0

Workarounds

No workaround

References

For more information

If you have any questions or comments about this advisory:

• Open an issue in omero-web
• Email us at security

References

• GHSA-gfp2-w5jm-955q
• ome/omero-web@952f8e5
• https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021
• https://pypi.org/project/omero-web/
• https://www.openmicroscopy.org/security/advisories/2021-SV1/
• https://nvd.nist.gov/vuln/detail/CVE-2021-21376