Dspace Security Vulnerabilities and Issues — Dspace CVE List

Lucene search

DuraspaceDspace

9 matches found

CVE•added 2022/08/01 9:15 p.m.•436 views

CVE-2022-31195

DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be c...

7.2CVSS7AI score0.00118EPSS

CVE•added 2022/08/01 9:15 p.m.•94 views

CVE-2022-31194

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing...

8.2CVSS7.2AI score0.00118EPSS

CVE•added 2022/08/01 9:15 p.m.•92 views

CVE-2022-31193

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legi...

7.1CVSS6.3AI score0.00074EPSS

CVE•added 2022/08/01 9:15 p.m.•90 views

CVE-2022-31192

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item request...

7.1CVSS6.1AI score0.00088EPSS

CVE•added 2022/08/01 8:15 p.m.•78 views

CVE-2022-31190

DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn It...

5.3CVSS5.2AI score0.00096EPSS

CVE•added 2022/08/01 9:15 p.m.•74 views

CVE-2022-31189

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in this stacktrace may ...

5.3CVSS5.1AI score0.00091EPSS

CVE•added 2022/08/01 9:15 p.m.•69 views

CVE-2022-31191

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autoc...

7.1CVSS6.2AI score0.00118EPSS

CVE•added 2021/10/29 6:15 p.m.•65 views

CVE-2021-41189

DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a work...

9CVSS6.9AI score0.00607EPSS

CVE•added 2018/07/10 11:29 a.m.•57 views

CVE-2016-10726

The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI.

7.5CVSS7.5AI score0.00326EPSS