Critical severity · NVD Advisory · Published Jul 6, 2022 · Updated Aug 3, 2024
Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues
CVE-2022-32533
Description
Apache Jetspeed-2 does not sufficiently filter untrusted user input by default, leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.portals.jetspeed-2:jetspeed-commons (Maven) | <= 2.3.1 | — |
Affected products
- Apache Software Foundation/Apache Portals (v5), Range: Jetspeed 2.3.1
References
- github.com/advisories/GHSA-h975-r69h-4w9p (advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-32533 (advisory)
- www.openwall.com/lists/oss-security/2022/07/06/1 (mailing list)
- lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2