Vulnerabilities > Duraspace

DATE CVE VULNERABILITY TITLE RISK
2022-08-01 CVE-2022-31189 Unspecified vulnerability in Duraspace Dspace
DSpace open source software is a repository application which provides durable access to digital resources.
network
low complexity
duraspace
5.3
2022-08-01 CVE-2022-31191 Unspecified vulnerability in Duraspace Dspace
DSpace open source software is a repository application which provides durable access to digital resources.
network
low complexity
duraspace
6.1
2022-08-01 CVE-2022-31192 Unspecified vulnerability in Duraspace Dspace
DSpace open source software is a repository application which provides durable access to digital resources.
network
low complexity
duraspace
6.1
2022-08-01 CVE-2022-31193 Unspecified vulnerability in Duraspace Dspace
DSpace open source software is a repository application which provides durable access to digital resources.
network
low complexity
duraspace
6.1
2022-08-01 CVE-2022-31194 Unspecified vulnerability in Duraspace Dspace
DSpace open source software is a repository application which provides durable access to digital resources.
network
low complexity
duraspace
7.2
2022-08-01 CVE-2022-31195 Unspecified vulnerability in Duraspace Dspace
DSpace open source software is a repository application which provides durable access to digital resources.
network
low complexity
duraspace
7.2
2022-08-01 CVE-2022-31190 Incorrect Authorization vulnerability in Duraspace Dspace
DSpace open source software is a repository application which provides durable access to digital resources.
network
low complexity
duraspace CWE-863
5.3
2021-10-29 CVE-2021-41189 Incorrect Authorization vulnerability in Duraspace Dspace 7.0
DSpace is an open source turnkey repository application.
network
low complexity
duraspace CWE-863
7.2
2019-01-28 CVE-2019-6986 Resource Exhaustion vulnerability in Duraspace Vitro 1.10.0
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.
network
low complexity
duraspace CWE-400
7.5
2018-07-10 CVE-2016-10726 Path Traversal vulnerability in Duraspace Dspace
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI.
network
low complexity
duraspace CWE-22
7.5