Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-h975-r69h-4w9p: Insufficient user input in Apache Jetspeed-2

** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option “xss.filter.post = true” may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.

ghsa
Open in Source
#xss#csrf#apache#git#ssrf

Insufficient user input in Apache Jetspeed-2

High severity GitHub Reviewed Published Jul 7, 2022 • Updated Jul 8, 2022

Related news

CVE-2022-32533: security - CVE-2022-32533: Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues

** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.

ghsa: Latest News

GHSA-g85v-wf27-67xc: Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
ghsa