org.apache.jspwiki:jspwiki-builder@2.11.0.M6 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.jspwiki:jspwiki-builder package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Arbitrary Command Execution

org.apache.jspwiki:jspwiki-builder is a WikiWiki clone, written in Java and JSP.

Affected versions of this package are vulnerable to Arbitrary Command Execution via a carefully crafted HTTP request on logout, which may allow an attacker to delete arbitrary files on the system, provided those files are reachable by the user running the package.

How to fix Arbitrary Command Execution?

Upgrade org.apache.jspwiki:jspwiki-builder to version 2.11.0 or higher.

Vulnerable versions: [,2.11.0)
  • H
Cross-site Scripting (XSS)

org.apache.jspwiki:jspwiki-builder is a WikiWiki clone, written in Java and JSP.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via a crafted plugin link invocation related to the Denounce plugin. An attacker could execute JavaScript in the victim's browser and obtain some sensitive information about the victim.

How to fix Cross-site Scripting (XSS)?

Upgrade org.apache.jspwiki:jspwiki-builder to version 2.11.0 or higher.

Vulnerable versions: [,2.11.0)