osv, Google, OSV:GHSA-HGQ9-Q8G2-3JMG
History: May 13, 2022 - 1:22 a.m.

Command Injection in VIVO Vitro

2022-05-13 01:22:47
Google
osv.dev
7
command injection
sparql injection
vivo vitro
remote attacker
arbitrary execution
regular expression denial of service
filter regex
individual request
software

EPSS

0.009

Percentile

83.0%

SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.
