Vulnerability Description
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions, metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object to anyone who knows the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Duraspace | Dspace | >= 4.0, < 6.4 |
Related Weaknesses (CWE)
References
- https://github.com/DSpace/DSpace/commit/574e25496a40173653ae7d0a49a19ed8e3458606 (Patch, Third Party Advisory)
- https://github.com/DSpace/DSpace/pull/2451 (Patch, Third Party Advisory)
- https://github.com/DSpace/DSpace/security/advisories/GHSA-7w85-pp86-p4pq (Patch, Third Party Advisory)
FAQ
What is CVE-2022-31190?
CVE-2022-31190 is a vulnerability with a CVSS score of 5.3 (MEDIUM). DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item...
How severe is CVE-2022-31190?
CVE-2022-31190 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31190?
Check the references section above for vendor advisories and patch information. Affected products include: Duraspace Dspace.