org.apache.sling:org.apache.sling.servlets.post 2.0.4-incubator vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.sling:org.apache.sling.servlets.post package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) `org.apache.sling:org.apache.sling.servlets.post` is a framework for RESTful web-applications based on an extensible content tree. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attack. How to fix Cross-site Scripting (XSS)? Upgrade `org.apache.sling:org.apache.sling.servlets.post` to version 2.3.23 or higher.	[,2.3.23)
M Cross-site Scripting (XSS) `org.apache.sling:org.apache.sling.servlets.post` is a framework for RESTful web-applications based on an extensible content tree. Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.	[,2.1.2)
M Denial of Service (DoS) `org.apache.sling:org.apache.sling.servlets.post` is a framework for RESTful web-applications based on an extensible content tree. The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.	[,2.1.2)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

org.apache.sling:org.apache.sling.servlets.post is a framework for RESTful web-applications based on an extensible content tree. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attack.

How to fix Cross-site Scripting (XSS)?

Upgrade org.apache.sling:org.apache.sling.servlets.post to version 2.3.23 or higher.

[,2.3.23)

Cross-site Scripting (XSS)

org.apache.sling:org.apache.sling.servlets.post is a framework for RESTful web-applications based on an extensible content tree.

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.

[,2.1.2)

Denial of Service (DoS)

org.apache.sling:org.apache.sling.servlets.post is a framework for RESTful web-applications based on an extensible content tree.

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.

[,2.1.2)

org.apache.sling:org.apache.sling.servlets.post@2.0.4-incubator vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?