GHSA-VHVX-8XGC-99WF DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format

Impact A path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command or from the "Batch Import Zip" user interface feature. This vulnerability likely impacts all versions of DSpace 1.x = 7.6.3, 8.0 = 8.1, and...

Directory Traversal

Overview org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to Directory Traversal in the import process when handling Simple Archive Format packages. An attacker can access sensitive files on the server by crafting a malicious...

CVE-2025-53621 DSpace vulnerable to XML External Entity (XXE) injection in import via Simple Archive Format (SAF) or import from external sources

DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity XXE injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XML files during impo...