2 matches found
org.dataone.dspace:auto-versioning-xmlui (>=5.4.0 <=5.4.2), org.dspace.modules:xmlui (>=5.0 <=5.11) potentially affected by CVE-2016-10726 via org.dspace:dspace-xmlui (>=5.0 <=5.4)
org.dspace:dspace-xmlui MAVEN version =5.0, =5.4.0, =5.0, =5.11 Source cves: CVE-2016-10726 Source advisory: OSV:GHSA-4M9R-5GQP-7J82...
CVE-2016-10726
CVE-2016-10726 affects the DSpace XMLUI component. It describes a directory traversal vulnerability in the XMLUI feature present in DSpace versions: before 3.6, 4.x before 4.5, and 5.x before 5.5. The underlying issue is traversal via the themes/ path when a URI contains two or more arbitrary cha...