Vulnerabilities > Duraspace > Dspace > 3.4

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-10	CVE-2016-10726	Path Traversal vulnerability in Duraspace Dspace The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI. network low complexity duraspace CWE-22	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.