org.apache.sling:org.apache.sling.servlets.post@2.0.4-incubator vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.sling:org.apache.sling.servlets.post package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable version

  • Cross-site Scripting (XSS)
    Severity: M (Medium)
    Vulnerable versions: [,2.3.23)

    org.apache.sling:org.apache.sling.servlets.post is a framework for RESTful web applications based on an extensible content tree. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.apache.sling:org.apache.sling.servlets.post to version 2.3.23 or higher.

  • Cross-site Scripting (XSS)
    Severity: M (Medium)
    Vulnerable versions: [,2.1.2)

    org.apache.sling:org.apache.sling.servlets.post is a framework for RESTful web applications based on an extensible content tree.

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.

  • Denial of Service (DoS)
    Severity: M (Medium)
    Vulnerable versions: [,2.1.2)

    org.apache.sling:org.apache.sling.servlets.post is a framework for RESTful web applications based on an extensible content tree.

    The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.