VYPR

Maven package

org.apache.jackrabbit/jackrabbit-core

pkg:maven/org.apache.jackrabbit/jackrabbit-core

Vulnerabilities (3)

  • CVE-2025-58782Sep 8, 2025
    affected >= 1.0.0, < 2.22.2fixed 2.22.2

    Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR

  • CVE-2025-53689Jul 14, 2025
    affected >= 2.23.0-beta, < 2.23.2-betafixed 2.23.2-beta

    Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions

  • CVE-2015-1833May 29, 2015
    affected < 2.0.6fixed 2.0.6

    XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted