[MAVEN:GHSA-H975-R69H-4W9P] Insufficient user input in Apache Jetspeed-2
Severity: Critical
Affected Packages: 1
CVEs: 1
** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.
Package | Affected Version |
---|---|
pkg:maven/org.apache.portals.jetspeed-2/jetspeed-commons | <= 2.3.1 |
- ID: MAVEN:GHSA-H975-R69H-4W9P
- Severity: critical
- URL: https://github.com/advisories/GHSA-h975-r69h-4w9p
- Published: 2022-07-07T00:00:28 (2 years ago)
- Modified: 2023-01-27T05:05:45 (20 months ago)
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.apache.portals.jetspeed-2/jetspeed-commons | org.apache.portals.jetspeed-2 | jetspeed-commons | <= 2.3.1 | | | |