CVSS 3.1 base score: 7.1 (High)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS score: 0.001 (Low), percentile 31.0%
The JSPUI “Request a Copy” feature does not properly escape values submitted and stored from the “Request a Copy” form. Because the stored values are not escaped, a malicious item request can carry script that is executed when the stored request is displayed (stored XSS). This vulnerability only impacts the JSPUI; it does NOT impact the XMLUI or 7.x.
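As an added illustration of the defect class described in this advisory (this is not DSpace's own code; the class, method and store names are hypothetical), the following Java program stores "request a copy" form values exactly as submitted and then renders them twice: once by concatenating them straight into HTML, as the vulnerable pattern does, and once through an HTML escaper. The form input is a constructed sample payload.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Added illustration of unescaped stored form values reaching HTML.
 * NOT DSpace code: all names here are hypothetical stand-ins.
 */
public class RequestCopyXssDemo {

    /** Minimal stand-in for a stored item request. */
    static final class ItemRequest {
        final String requesterName;
        final String requesterEmail;
        final String message;

        ItemRequest(String requesterName, String requesterEmail, String message) {
            this.requesterName = requesterName;
            this.requesterEmail = requesterEmail;
            this.message = message;
        }
    }

    /** In-memory stand-in for the table that holds submitted requests. */
    static final List<ItemRequest> STORE = new ArrayList<>();

    /** Form handler: storing the raw submission is not the bug by itself. */
    static void submitRequest(String name, String email, String message) {
        STORE.add(new ItemRequest(name, email, message));
    }

    /** VULNERABLE: stored, attacker-controlled values are concatenated into markup. */
    static String renderRequestVulnerable(ItemRequest r) {
        return "<p>Request from " + r.requesterName
             + " &lt;" + r.requesterEmail + "&gt;</p>\n"
             + "<blockquote>" + r.message + "</blockquote>";
    }

    /** HARDENED: every untrusted value is HTML-escaped at the point of output. */
    static String renderRequestHardened(ItemRequest r) {
        return "<p>Request from " + escapeHtml(r.requesterName)
             + " &lt;" + escapeHtml(r.requesterEmail) + "&gt;</p>\n"
             + "<blockquote>" + escapeHtml(r.message) + "</blockquote>";
    }

    /**
     * Minimal escaper for HTML element content and quoted attribute values.
     * A real application should use its framework's escaper (for example
     * JSTL's <c:out>, which escapes XML characters by default).
     */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample payload: what an anonymous requester could type into the form.
        submitRequest("Alice <script>alert(document.cookie)</script>",
                      "alice@example.org",
                      "Please send chapter 3. <img src=x onerror=alert(1)>");
        ItemRequest r = STORE.get(0);

        String vulnerable = renderRequestVulnerable(r);
        String hardened = renderRequestHardened(r);

        // The vulnerable rendering still contains live tags; the hardened one does not.
        System.out.println("vulnerable output contains <script>: " + vulnerable.contains("<script>"));
        System.out.println("hardened output contains <script>:   " + hardened.contains("<script>"));
        System.out.println();
        System.out.println(hardened);
    }
}
```

The point of the example is that escaping belongs at the output boundary: the stored value is kept verbatim (so the request text is not corrupted), and anything that writes it into a page or a notification escapes it for that context. The EPSS and CVSS entries above reflect this shape: no privileges are needed to submit the request (PR:N), but a victim must view it (UI:R).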
DSpace 6.x:
DSpace 5.x:
If at all possible, we recommend upgrading your DSpace site based on the upgrade instructions. However, if you are unable to do so, you can manually apply the above patches as follows:

1. From your [dspace-src] folder, apply the patch, e.g. git apply [name-of-file].patch (running git apply --check [name-of-file].patch first reports whether the patch applies cleanly to your source tree without changing anything).
2. mvn -U clean package (This will recompile all DSpace code.)
3. ant update (This will copy all updated WARs / configs to your installation directory.) Depending on your setup you also may need to copy the updated WARs over to your Tomcat webapps folder.

As a workaround, you can temporarily disable the “Request a Copy” feature by either commenting out the below configuration (or setting its value to empty):
# Comment out this default value
# request.item.type = all
Once your JSPUI site is patched, you can re-enable this setting. See https://wiki.lyrasis.org/display/DSDOC6x/Request+a+Copy for more information on this setting.
Discovered & reported by Andrea Bollini of 4Science
If you have any questions or comments about this advisory: