CVE-2022-31190

Exposure of Sensitive Information to an Unauthorized Actor in maven/org.dspace/dspace-xmlui

Identifiers

GHSA-7w85-pp86-p4pq, CVE-2022-31190

Package Slug

maven/org.dspace/dspace-xmlui

Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor

Description

DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions, metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object to anyone who knows the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer.

Affected Versions

All versions starting from 4.0 up to 6.3

Solution

Upgrade to version 6.4 or above.

Last Modified

2022-08-09
