org.apache.portals.jetspeed-2:jetspeed@2.3.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.portals.jetspeed-2:jetspeed package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Insecure Defaults

Affected versions of this package are vulnerable to Insecure Defaults due to improper filtering of untrusted user input by default. This behavior is leading to a number of issues including XSS, CSRF, XXE, and SSRF.

Notes:

  1. Setting the configuration option xss.filter.post = true may mitigate these issues.

  2. Apache Jetspeed is a dormant project of Apache Portals and no updates or support will be provided.

How to fix Insecure Defaults?

There is no fixed version for org.apache.portals.jetspeed-2:jetspeed.

[0,)