Maven package
org.apache.archiva/archiva-common
pkg:maven/org.apache.archiva/archiva-common
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-27140 | — | | | >= 2.0.0, <= 2.2.10 | — | Mar 1, 2024 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this |
| CVE-2022-40309 | — | | | < 2.2.9 | 2.2.9 | Nov 15, 2022 | Users with write permissions to a repository can delete arbitrary directories. |
| CVE-2022-40308 | — | | | < 2.2.9 | 2.2.9 | Nov 15, 2022 | If anonymous read enabled, it's possible to read the database file directly without logging in. |