Maven package
org.dspace/dspace-api
pkg:maven/org.dspace/dspace-api
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-53622 | Med | 5.2 | | < 7.6.4 | 7.6.4 | Jul 15, 2025 | DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive (in Simple Archive Format), either from command-line (`./d |
| CVE-2025-53621 | Med | 6.9 | | < 7.6.4 | 7.6.4 | Jul 15, 2025 | DSpace open source software is a repository application which provides durable access to digital resources. Two related XML External Entity (XXE) injection possibilities impact all versions of DSpace prior to 7.6.4, 8.2, and 9.1. External entities are not disabled when parsing XM |
| CVE-2022-31195 | — | | | >= 4.0, < 5.11 | 5.11 | Aug 1, 2022 | DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a fil |
| CVE-2021-41189 | — | | | >= 7.0, < 7.1 | 7.1 | Oct 29, 2021 | DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in ver |