Overview
- Description
- DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workaround for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security-advisories@github.com
- CWE-601
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:duraspace:dspace:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0931332-ACDA-450E-BDC7-BE5D44E27F66",
"versionEndIncluding": "5.10",
"versionStartIncluding": "4.0"
},
{
"criteria": "cpe:2.3:a:duraspace:dspace:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27C1503E-2C8B-43CD-8937-9ABE6C24C67F",
"versionEndExcluding": "6.4",
"versionStartExcluding": "6.0"
}
],
"operator": "OR"
}
]
}
]