34 matches found
EUVD-2018-0501
Malware in sbrugna...
EUVD-2022-6519
Malicious code in bioql PyPI...
EUVD-2022-6510
Malicious code in bioql PyPI...
CVE-2022-31190
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn...
GHSA-8RMH-55H4-93H5 DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import
Impact ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible...
de.the-library-code.dspace:addon-duplication-detection-service-api (>=6.2.0 <=6.3.1), de.the-library-code.dspace:addon-duplication-detection-service-jspui (>=6.2.0 <=6.3.1) +18 more potentially affected by CVE-2022-31195 via org.dspace:dspace-api (>=6.0 <=6.3)
org.dspace:dspace-api MAVEN version =6.0, =6.2.0, =6.2.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.0, =6.3 and more Source cves: CVE-2022-31195 Source advisory: OSV:GHSA-8RMH-55H4-93H5...
DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import
Impact ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible...
XMLUI's metadata of withdrawn Items is exposed to anonymous users
Impact Metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. However, this vulnerability is very low severity as Item metadata does not tend to contain highly secure or sensitiv...
org.dataone.dspace:auto-versioning-xmlui (>=5.4.0 <=5.4.2), org.dspace.modules:xmlui (>=4.0 <=6.3) potentially affected by CVE-2022-31190 via org.dspace:dspace-xmlui (>=4.0 <=6.3)
org.dspace:dspace-xmlui MAVEN version =4.0, =5.4.0, =4.0, =6.3 Source cves: CVE-2022-31190 Source advisory: OSV:GHSA-7W85-PP86-P4PQ...
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
Impact When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact...
Information Disclosure
dspace-xmlui is vulnerable to information disclosure. The vulnerability exists because the generate function of DSpaceMETSGenerator.java does not properly check the read permissions for METS values, allowing an attacker to gain sensitive information through the XMLUI mets.xml object...
CVE-2022-31195
DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...
Path traversal
DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...
CVE-2022-31195 Path traversal vulnerability in Simple Archive Format package import in DSpace
DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...
CVE-2022-31195 Path traversal vulnerability in Simple Archive Format package import in DSpace
DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...
CVE-2022-31195
CVE-2022-31195 affects DSpace open source software, specifically the ItemImportServiceImpl, which is vulnerable to a path traversal when processing SAF packages. A malicious SAF package could cause a file/directory to be created anywhere writable by the Tomcat/DSpace user, but only if the attacke...
CVE-2022-31195 Path traversal vulnerability in Simple Archive Format package import in DSpace
DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...
CVE-2022-31190
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn...
Design/Logic Flaw
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn...
CVE-2022-31190 Metadata of withdrawn Items is exposed to anonymous users in DSpace XMLUI
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn...