Lucene search

GoogleOSV:CVE-2022-31192

HistoryAug 01, 2022 - 9:15 p.m.

CVE-2022-31192

2022-08-0121:15:13

Google

osv.dev

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.0%

JSON

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI “Request a Copy” feature does not properly escape values submitted and stored from the “Request a Copy” form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CPENameOperatorVersion
dspaceeqdspace-6.0-pre-DS-2701
dspaceeqdspace-5.4
dspaceeqdspace-5.6
dspaceeqdspace-5.0-rc3
dspaceeqdspace-6.0-rc3
dspaceeqdspace-3.0-rc3
dspaceeqdspace-6.0-rc4
dspaceeqdspace-4.0
dspaceeqdspace-5.5
dspaceeqdspace-5.0-rc1

Name	Operator	Version
dspace	eq	dspace-6.0-pre-DS-2701
dspace	eq	dspace-5.4
dspace	eq	dspace-5.6
dspace	eq	dspace-5.0-rc3
dspace	eq	dspace-6.0-rc3
dspace	eq	dspace-3.0-rc3
dspace	eq	dspace-6.0-rc4
dspace	eq	dspace-4.0
dspace	eq	dspace-5.5
dspace	eq	dspace-5.0-rc1

Rows per page:

1-10 of 311

References

github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37

github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9

github.com/DSpace/DSpace/security/advisories/GHSA-4wm8-c2vv-xrpq