CVE-2016-10726
N/A
N/A
Summary
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/DSpace/DSpace/releases/tag/dspace-5.5
- https://wiki.duraspace.org/display/DSDOC5x/Release+Notes
- https://jira.duraspace.org/browse/DS-3094
References
- https://github.com/DSpace/DSpace/releases/tag/dspace-5.5
- https://wiki.duraspace.org/display/DSDOC5x/Release+Notes
- https://jira.duraspace.org/browse/DS-3094
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.