VYPR

Maven package

org.codelibs.fess/fess

pkg:maven/org.codelibs.fess/fess

Vulnerabilities (2)

  • CVE-2025-48382May 27, 2025
    affected < 14.19.2fixed 14.19.2

    Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing

  • CVE-2018-1000822Dec 20, 2018
    affected < 12.3.2fixed 12.3.2

    codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML fil