org.apache.jspwiki:jspwiki-builder@2.10.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.jspwiki:jspwiki-builder package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Arbitrary Command Execution

org.apache.jspwiki:jspwiki-builder is a WikiWiki clone, written in Java and JSP.

Affected versions of this package are vulnerable to Arbitrary Command Execution via a carefully crafted HTTP request on logout, which may allow an attacker to delete arbitrary files on the system, provided those files are reachable by the user running the package.

How to fix Arbitrary Command Execution?

Upgrade org.apache.jspwiki:jspwiki-builder to version 2.11.0 or higher.

[,2.11.0)
  • H
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via a crafted plugin link invocation related to the Denounce plugin. An attacker could execute JavaScript in the victim's browser and obtain some sensitive information about the victim.

How to fix Cross-site Scripting (XSS)?

Upgrade org.apache.jspwiki:jspwiki-builder to version 2.11.0 or higher.

[,2.11.0)
  • M
Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal. A specially crafted URL can be used to access files under the ROOT directory of the application, which an attacker can use to obtain registered users' details.

How to fix Directory Traversal?

Upgrade org.apache.jspwiki:jspwiki-builder to version 2.11.0.M3 or higher.

[2.9.0,2.11.0.M3)
  • L
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS): a carefully crafted URL can execute JavaScript on another user's session. No information can be saved on the server or JSPWiki database, nor is an attacker able to execute code on someone else's browser; only on their own browser.

How to fix Cross-site Scripting (XSS)?

Upgrade org.apache.jspwiki:jspwiki-builder to version 2.11.0.M3 or higher.

[,2.11.0.M3)