Affected packages
@ckeditor/ckeditor5-markdown-gfm
@ckeditor/ckeditor5-html-support
@ckeditor/ckeditor5-html-embed
Impact
A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5 packages. The vulnerability allowed…
[drupal/core] Drupal core arbitrary PHP code execution
Drupal core sanitizes filenames with dangerous extensions upon upload and strips leading and trailing dots from filenames to prevent uploading server configuration files.
However, the protections for these two vulnerabilities previously did not work co…
[streamlit] Streamlit directory traversal vulnerability
Impact
Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file system, such as server logs, world-readable files, and potentially other sensitive informati…
[org.postgresql:postgresql] PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
Impact
The PGJDBC implementation of the java.sql.ResultSet.refreshRow() method does not escape column names, so a malicious column name that contains a statement terminator, e.g. ;, could …
[org.dspace:dspace-api] DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import
Impact
ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, th…
[org.dspace:dspace-jspui] JSPUI vulnerable to path traversal in submission (resumable) upload
Impact
The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace use…
[org.dspace:dspace-jspui] JSPUI’s controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11
Impact
The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a sit…
[org.dspace:dspace-jspui] JSPUI Possible Cross Site Scripting in “Request a Copy” Feature
Impact
The JSPUI “Request a Copy” feature does not properly escape values submitted and stored from the “Request a Copy” form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI.
This vulnerabi…
[org.dspace:dspace-jspui] Cross Site Scripting (XSS) possible in JSPUI spellcheck and autocomplete tools
Impact
The JSPUI spellcheck “Did you mean” HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulne…
[org.dspace:dspace-xmlui] XMLUI’s metadata of withdrawn Items is exposed to anonymous users
Impact
Metadata on a withdrawn Item is exposed via the XMLUI “mets.xml” object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI.
However, this vulnerability is very low severity as Item metadata does …