org.apache.sling:org.apache.sling.servlets.post@2.3.8 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.sling:org.apache.sling.servlets.post package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

org.apache.sling:org.apache.sling.servlets.post is a framework for RESTful web-applications based on an extensible content tree. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks.

How to fix Cross-site Scripting (XSS)?

Upgrade org.apache.sling:org.apache.sling.servlets.post to version 2.3.23 or higher.

Vulnerable Version: [,2.3.23)
  • M
Denial of Service (DoS)

org.apache.sling:org.apache.sling.servlets.post is a framework for RESTful web-applications based on an extensible content tree.

Affected versions of this package are vulnerable to Denial of Service (DoS). The deepGetOrCreateNode function in impl/operations/AbstractCreateOperation.java does not properly handle a NULL value that is returned when the session does not have permissions to the root node, which allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.

How to fix Denial of Service (DoS)?

Upgrade org.apache.sling:org.apache.sling.servlets.post to version 2.3.24 or higher.

Vulnerable Version: [2.2.0,2.3.24)