GHSA-h975-r69h-4w9p

Published: 07 Jul 2022
Source: github
Github: Reviewed
CVSS3: 9.8

Description

Insufficient user input in Apache Jetspeed-2

** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.

Packages

Name: org.apache.portals.jetspeed-2:jetspeed-commons (maven)
Affected versions: <= 2.3.1
Fixed version: None

EPSS

Percentile: 93%
0.11553
Medium

CVSS3: 9.8 Critical

Weaknesses

CWE-352
CWE-611
CWE-79
CWE-918

Related vulnerabilities

CVSS3: 9.8
nvd
more than 3 years ago

Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue
