Advisories for Pypi/Parsl package

2026

Parsl Monitoring Visualization Vulnerable to SQL Injection

Affected Product: Parsl (Python Parallel Scripting Library)
Component: parsl.monitoring.visualization
Vulnerability Type: SQL Injection (CWE-89)
Severity: High (CVSS Rating Recommended: 7.5 - 8.6)
URL: https://github.com/Parsl/parsl/blob/master/parsl/monitoring/visualization/views.py

Summary: A SQL Injection vulnerability exists in the parsl-visualize component of the Parsl library. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to …
