2 matches found
XML External Entity (XXE) Injection
Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the XML parsing process during archive imports or when handling XML responses from upstream services. An attacker can access...
de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +18 more potentially affected by CVE-2022-31195 via org.dspace:dspace-api (>=6.0 <=6.3)
org.dspace:dspace-api MAVEN version =6.0, =6.2.0, =6.2.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.3 and more Source cves: CVE-2022-31195 Source advisory: OSV:GHSA-8RMH-55H4-93H5...