URL Redirection to Untrusted Site in Dspace JSPUI
Description
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workaround for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.dspace:dspace-jspuiMaven | >= 4.0, < 5.11 | 5.11 |
org.dspace:dspace-jspuiMaven | >= 6.0, < 6.4 | 6.4 |
Affected products
2Patches
Vulnerability mechanics
Synthesis attempt was rejected by the grounding validator. Re-run pending.
References
5- github.com/advisories/GHSA-763j-q7wv-vf3mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-31193ghsaADVISORY
- github.com/DSpace/DSpace/commit/5f72424a478f59061dcc516b866dcc687bc3f9deghsax_refsource_MISCWEB
- github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9ghsax_refsource_MISCWEB
- github.com/DSpace/DSpace/security/advisories/GHSA-763j-q7wv-vf3mghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.