Medium severity5.3NVD Advisory· Published Aug 1, 2022· Updated Jun 17, 2026
CVE-2022-31190
CVE-2022-31190
Description
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.dspace:dspace-xmluiMaven | >= 4.0, < 6.4 | 6.4 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/DSpace/DSpace/commit/574e25496a40173653ae7d0a49a19ed8e3458606.patchnvdPatchThird Party AdvisoryWEB
- github.com/DSpace/DSpace/pull/2451nvdPatchThird Party AdvisoryWEB
- github.com/DSpace/DSpace/security/advisories/GHSA-7w85-pp86-p4pqnvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-7w85-pp86-p4pqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-31190ghsaADVISORY
News mentions
0No linked articles in our index yet.