Home > Vulnerability Database > CVE-2022-31189

Mend.io Vulnerability Database

CVE-2022-31189

Good to know:

Date: August 1, 2022

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file.

Language: Java

Severity Score

5.3

Related Resources (4)

Url: https://github.com/DSpace/DSpace/commit/afcc6c3389729b85d5c7b0230cbf9aaf7452f31a

Url: https://github.com/DSpace/DSpace/security/advisories/GHSA-c2j7-66m3-r4ff

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31189

Url: https://www.mend.io/vulnerability-database/CVE-2022-31189

Severity Score

5.3

Weakness Type (CWE)

Generation of Error Message Containing Sensitive Information

CWE-209

Top Fix

Upgrade Version

Upgrade to version org.dspace:dspace-jspui:6.4

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31189

Good to know:

Date: August 1, 2022

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?