GHSA-QP5M-C3M9-8Q2P JSPUI vulnerable to path traversal in submission (resumable) upload

Impact The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters durin...

Path traversal

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...

CVE-2022-31194

The CVE-2022-31194 issue affects DSpace JSPUI in the resumable upload path, where SubmissionController and FileUploadRequest allow path traversal to write files/directories on the server, limited to users with submitter privileges (not anonymous/basic users). Root cause: manipulating submission r...

CVE-2022-31194 Path traversal vulnerabilities in DSpace JSPUI submission upload

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...