CVE-2022-31190

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-31190

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31190.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31190

Aliases

GHSA-7w85-pp86-p4pq

Published

2022-08-01T20:10:11Z

Modified

2026-03-14T11:46:27.618183Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Metadata of withdrawn Items is exposed to anonymous users in DSpace XMLUI

Details

DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31190.json",
    "cwe_ids": [
        "CWE-200"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/dspace/dspace

Affected ranges

Type: GIT
Repo: https://github.com/dspace/dspace
Events: Introduced

d34e7b89a30b5ffd35556d6fe8936e5d8659415d

Fixed

66647c7bf939b202a4872d4c5ebda23bc62e807f

Affected versions

dspace-4.*

dspace-4.0

dspace-5.*

dspace-5.0

dspace-5.0-rc1

dspace-5.0-rc2

dspace-5.0-rc3

dspace-6.*

dspace-6.0

dspace-6.0-pre-DS-2701

dspace-6.0-rc1

dspace-6.0-rc2

dspace-6.0-rc3

dspace-6.0-rc4

dspace-6.1

dspace-6.2

dspace-6.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31190.json"