4 matches found
CVE-2022-31190
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn...
org.dataone.dspace:auto-versioning-xmlui (>=5.4.0 <=5.4.2), org.dspace.modules:xmlui (>=4.0 <=6.3) potentially affected by CVE-2022-31190 via org.dspace:dspace-xmlui (>=4.0 <=6.3)
org.dspace:dspace-xmlui MAVEN version =4.0, =5.4.0, =4.0, =6.3 Source cves: CVE-2022-31190 Source advisory: OSV:GHSA-7W85-PP86-P4PQ...
CVE-2022-31190
CVE-2022-31190 (DSpace XMLUI) affects DSpace XMLUI by exposing metadata of withdrawn items via the mets.xml object when the handle/URL is known. The issue is limited to the XMLUI component; JSPUI and 7.x are not impacted. Impact is information disclosure of withdrawn-item metadata, not full compr...
CVE-2022-31190 Metadata of withdrawn Items is exposed to anonymous users in DSpace XMLUI
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn...