Dspace@* Security Vulnerabilities and Issues — Dspace@* CVE List

Lucene search

DuraspaceDspace*

8 matches found

CVE•added 2022/08/01 9:15 p.m.•437 views

CVE-2022-31195

DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be c...

7.2CVSS7AI score0.00118EPSS

CVE•added 2022/08/01 9:15 p.m.•95 views

CVE-2022-31194

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing...

8.2CVSS7.2AI score0.00118EPSS

CVE•added 2022/08/01 9:15 p.m.•93 views

CVE-2022-31193

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legi...

7.1CVSS6.3AI score0.00074EPSS

CVE•added 2022/08/01 9:15 p.m.•90 views

CVE-2022-31192

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item request...

7.1CVSS6.1AI score0.00088EPSS

CVE•added 2022/08/01 8:15 p.m.•78 views

CVE-2022-31190

DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn It...

5.3CVSS5.2AI score0.00096EPSS

CVE•added 2022/08/01 9:15 p.m.•74 views

CVE-2022-31189

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in this stacktrace may ...

5.3CVSS5.1AI score0.00091EPSS

CVE•added 2022/08/01 9:15 p.m.•69 views

CVE-2022-31191

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autoc...

7.1CVSS6.2AI score0.00118EPSS

CVE•added 2018/07/10 11:29 a.m.•57 views

CVE-2016-10726

The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI.

7.5CVSS7.5AI score0.00326EPSS