Vulnerabilities > Duraspace
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-01 | CVE-2022-31189 | Information Exposure Through an Error Message vulnerability in Duraspace Dspace DSpace open source software is a repository application which provides durable access to digital resources. | 5.3 |
| 2022-08-01 | CVE-2022-31191 | Cross-site Scripting vulnerability in Duraspace Dspace DSpace open source software is a repository application which provides durable access to digital resources. | 6.1 |
| 2022-08-01 | CVE-2022-31192 | Cross-site Scripting vulnerability in Duraspace Dspace DSpace open source software is a repository application which provides durable access to digital resources. | 6.1 |
| 2022-08-01 | CVE-2022-31193 | Open Redirect vulnerability in Duraspace Dspace DSpace open source software is a repository application which provides durable access to digital resources. | 6.1 |
| 2022-08-01 | CVE-2022-31194 | Path Traversal vulnerability in Duraspace Dspace DSpace open source software is a repository application which provides durable access to digital resources. | 7.2 |
| 2022-08-01 | CVE-2022-31195 | Path Traversal vulnerability in Duraspace Dspace DSpace open source software is a repository application which provides durable access to digital resources. | 7.2 |
| 2022-08-01 | CVE-2022-31190 | Incorrect Authorization vulnerability in Duraspace Dspace DSpace open source software is a repository application which provides durable access to digital resources. | 5.3 |
| 2021-10-29 | CVE-2021-41189 | Incorrect Authorization vulnerability in Duraspace Dspace 7.0 DSpace is an open source turnkey repository application. | 7.2 |
| 2019-01-28 | CVE-2019-6986 | Resource Exhaustion vulnerability in Duraspace Vitro 1.10.0 SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request. | 7.5 |
| 2018-07-10 | CVE-2016-10726 | Path Traversal vulnerability in Duraspace Dspace The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI. | 7.5 |