Source
ghsa
### Impact The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters during submission. This path traversal can only be executed by a user with special privileges (submitter rights). This vulnerability only impacts the JSPUI. _This vulnerability does NOT impact the XMLUI or 7.x._ ### Patches _DSpace 6.x:_ * Fixed in 6.4 via commit: https://github.com/DSpace/DSpace/commit/7569c6374aefeafb996e202cf8d631020eda5f24 * 6.x patch file: https://github.com/DSpace/DSpace/commit/7569c6374aefeafb996e202cf8d631020eda5f24.patch (may be applied manually if an immediate upgrade to 6.4 or above is not possible) _DSpace 5.x:_ * Fixed in 5.11 via commit: https://github.com/DSpace/DSpace/commit/d1dd7d23329ef055069759df15cfa200c8e3 * 5.x patch file: https://github.com/DSpace/DSpa...
### Impact The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. _This vulnerability does NOT impact the XMLUI or 7.x._ ### Patches _DSpace 6.x:_ * Fixed in 6.x via commit: https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9 * 6.x patch file: https://github.com/DSpace/DSpace/commit/f7758457b7ec3489d525e39aa753cc70809d9ad9.patch (may be applied manually if an immediate upgrade to 6.4 or above is not possible) _DSpace 5.x:_ * Fixed in 5.x via commit: https://github.com/DSpace/DSpace/commit/5f72424a478f59061dcc516b866dcc687bc3f9de * 5.x patch file: https://github.com/DSpace/DSpace/commit/5f72424a478f59061dcc516b866dcc687bc3f9de.patch (may be applied manually if an immediate upgrade to 5.11 or 6.4 or above is not possible) #### Apply the patc...
### Impact The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. _This vulnerability does NOT impact the XMLUI or 7.x._ ### Patches _DSpace 6.x:_ * Fixed in 6.4 via commit: https://github.com/DSpace/DSpace/commit/503a6af57fd720c37b0d86c34de63baa5dd85819 * 6.x patch file: https://github.com/DSpace/DSpace/commit/503a6af57fd720c37b0d86c34de63baa5dd85819.patch (may be applied manually if an immediate upgrade to 6.4 is not possible) _DSpace 5.x:_ * Fixed in 5.11 via commit: https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37 * 5.x patch file: https://github.com/DSpace/DSpace/commit/28eb8158210d41168a62ed5f9e044f754513bc37.patch (may be applied manually if an immediate upgrade to 5.11 or 6.4 is not possible) #### Apply the patch to your DSpace If at all possible, we recommend upgradi...
### Impact The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. _This vulnerability does NOT impact the XMLUI or 7.x._ ### Patches _DSpace 6.x:_ * Fixed in 6.4 via two commits: * Fix for spellcheck: https://github.com/DSpace/DSpace/commit/ebb83a75234d3de9be129464013e998dc929b68d * Fix for autocomplete: https://github.com/DSpace/DSpace/commit/35030a23e48b5946f5853332c797e1c4adea7bb7 * 6.x patch files available (may be applied manually if an immediate upgrade to 6.4 or above is not possible) * Fix for spellcheck: https://github.com/DSpace/DSpace/commit/ebb83a75234d3de9be129464013e998dc929b68d.patch * Fix for autocomplete: https://github.com/DSpace/DSpace/commit/35030a23e48b5946f5853332c797e1c4adea7bb7.patch _DSpace 5.x:_ * Fixed in 5.11 via two co...
### Impact Metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. However, this vulnerability is very low severity as Item metadata does not tend to contain highly secure or sensitive information. _This vulnerability does NOT impact the JSPUI or 7.x._ ### Patches Because of the low severity of this security issue, it requires updating to 6.4 to resolve. _No patch is available for 5.x or below._ _DSpace 6.x:_ * Fixed in 6.4 via #2451 * 6.x patch file: https://github.com/DSpace/DSpace/commit/574e25496a40173653ae7d0a49a19ed8e3458606.patch (may be applied manually if an immediate upgrade to 6.4 or above is not possible) #### Apply the patch to your DSpace If at all possible, we recommend upgrading your DSpace site based on the upgrade instructions. However, if you are unable to do so, you can manually apply the above patches as follows: 1. Download the appropriate ...
### Impact When an "Internal System Error" occurs in the JSPUI, the entire exception (including stack trace) is available. Information in this stack trace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. _This vulnerability does NOT impact the XMLUI or 7.x._ ### Patches _DSpace 6.x:_ * Fixed in 6.4 via commit: https://github.com/DSpace/DSpace/commit/afcc6c3389729b85d5c7b0230cbf9aaf7452f31a * 6.x patch file: https://github.com/DSpace/DSpace/commit/afcc6c3389729b85d5c7b0230cbf9aaf7452f31a.patch (may be applied manually if an immediate upgrade to 6.4 or above is not possible) _DSpace 5.x:_ * The 6.x patch file can also be applied to an older 5.x installation. * Alternatively, you can simply apply the workaround documented below. The detailed error information embedded in `internal.jsp` is not necessary for the JSPUI to function. #### Apply the patch to your DSpace If at all possible, we recommend upgrading your DSpace...
### Description When a Solana Pay transaction is located using a [reference key](https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference), it may be checked to represent a transfer of the desired amount to the recipient, using the supplied [`validateTransfer` function](https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts). An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. ### Impact Most known Solana Pay point of sale applications are currently run on physical point of sale devices, which makes this issue unlikely to occur. However, there may be web-based point of sale applications using the protocol where it may be more likely to occur. ### Patches This issue has been patched as of version [`0.2.1`](https://www.npmjs.com/package/@solana/pay/v/0.2.1). Users of the Solana Pay SDK should upgrade to it.
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) `$config['image.settings']['allow_insecure_derivatives']` or (Drupal 7) `$conf['image_allow_insecure_derivatives']` to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.
### Impact An attacker may be able to cause a denial-of-service (DoS) condition on the server on which the product is running. This affects untangle versions up to and including 1.2.0. ### Patches The problem has been fixed with version 1.2.1. ### Workarounds None ### References https://jvn.jp/en/jp/JVN30454777/ ### For more information If you have any questions or comments about this advisory: * Open an [issue](https://github.com/stchris/untangle/issues)
### Impact An attacker may be able to read the contents of local files. This affects untangle versions up to and including 1.2.0. ### Patches The problem has been fixed with version 1.2.1. ### Workarounds None ### References https://jvn.jp/en/jp/JVN30454777/ ### For more information If you have any questions or comments about this advisory: * Open an [issue](https://github.com/stchris/untangle/issues)