Filtered by vendor Duraspace
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41189 | 1 Duraspace | 1 Dspace | 2021-11-03 | 9.0 HIGH | 7.2 HIGH |
| DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings. | |||||
| CVE-2019-6986 | 1 Duraspace | 1 Vitro | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request. | |||||
| CVE-2016-10726 | 1 Duraspace | 1 Dspace | 2018-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI. | |||||