JSPUI vulnerable to path traversal in submission (resumable) upload

Impact The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters durin...

Path Traversal

org.dspace:dspace-jspui is vulnerable to path traversal. The vulnerability exists due to the resumable upload implementations in SubmissionController and FileUploadRequest components, which allows an attacker to modify request parameters during submission and create files or directories anywhere ...

CVE-2022-31194

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...

DSpace 路径遍历漏洞

DSpace is an open source turnkey repository application from the DuraSpace community. A path traversal vulnerability exists in DSpace versions 4.0 through 6.3, which stems from a JSPUI in SubmissionController and FileUploadRequest that allows an attacker to create Tomcat/DSpace user-writable file...