GHSA-4m9r-5gqp-7j82
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4m9r-5gqp-7j82
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-4m9r-5gqp-7j82/GHSA-4m9r-5gqp-7j82.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4m9r-5gqp-7j82
- Aliases
- Published
- 2018-10-19T16:52:06Z
- Modified
- 2023-11-08T03:58:21.266725Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- High severity vulnerability that affects org.dspace:dspace-xmlui
- Details
-
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI.
- Database specific
{ "nvd_published_at": null, "severity": "HIGH", "cwe_ids": [ "CWE-22" ], "github_reviewed": true, "github_reviewed_at": "2020-06-16T20:58:34Z" }- References
Affected packages
Maven / org.dspace:dspace-xmlui
Package
- Name
- org.dspace:dspace-xmlui
- View open source insights on deps.dev
- Purl
- pkg:maven/org.dspace/dspace-xmlui
Maven / org.dspace:dspace-xmlui
Package
- Name
- org.dspace:dspace-xmlui
- View open source insights on deps.dev
- Purl
- pkg:maven/org.dspace/dspace-xmlui
Maven / org.dspace:dspace-xmlui
Package
- Name
- org.dspace:dspace-xmlui
- View open source insights on deps.dev
- Purl
- pkg:maven/org.dspace/dspace-xmlui
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6
Affected versions
1.*
1.5-alpha
1.5.0-beta1
1.5.0-beta2
1.5.0-rc1
1.5.0
1.5.1-beta
1.5.1
1.5.2-rc1
1.5.2-rc2
1.5.2
1.6.0-rc1
1.6.0-rc2
1.6.0
1.6.1
1.6.2
1.7.0-rc1
1.7.0-rc2
1.7.0
1.7.1
1.7.2
1.7.3
1.8.0-rc1
1.8.0-rc2
1.8.0-rc3
1.8.0
1.8.1
1.8.2
1.8.3
3.*
3.0-rc1
3.0-rc2
3.0-rc3
3.0
3.1
3.2
3.3
3.4
3.5