[MAVEN:GHSA-H975-R69H-4W9P] Insufficient user input in Apache Jetspeed-2

Severity Critical
Affected Packages 1
CVEs 1

** UNSUPPORTED WHEN ASSIGNED ** Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue.

ID
MAVEN:GHSA-H975-R69H-4W9P
Severity
critical
URL
https://github.com/advisories/GHSA-h975-r69h-4w9p
Published
2022-07-07T00:00:28
Modified
2023-01-27T05:05:45
Rights
Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:maven/org.apache.portals.jetspeed-2/jetspeed-commons | org.apache.portals.jetspeed-2 | jetspeed-commons | <= 2.3.1 | | | |