Moderate severityNVD Advisory· Published Dec 15, 2023· Updated Aug 2, 2024
CVE-2023-6835
CVE-2023-6835
Description
Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.wso2.carbon.apimgt:forumMaven | <= 9.0.78 | — |
Affected products
2- Range: 3.3.1.0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-w7rx-824v-rgx5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-6835ghsaADVISORY
- security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357/mitrevendor-advisory
- github.com/wso2/carbon-apimgt/blob/81e0c0b8ed0bd2dace1e9006be21acbb731c835e/components/forum/org.wso2.carbon.forum/src/main/java/org/wso2/carbon/forum/registry/RegistryForumManager.javaghsaWEB
- github.com/wso2/carbon-apimgt/commit/2e9591b72bc286dfcd22b57768e984d867c902baghsaWEB
- security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357ghsaWEB
News mentions
0No linked articles in our index yet.