Homepage
About Snyk

org.dspace:dspace-api@7.0-beta4.1 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.dspace:dspace-api package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Access Restriction Bypass

org.dspace:dspace-api is a DSpace core data model and service APIs.

Affected versions of this package are vulnerable to Access Restriction Bypass. Multiple access control issues exist in dspace-api development versions. These issues include:

  • The SolrServiceResourceRestrictionPlugin doesn't check for dates on permissions, causing the embargoed items to be returned
  • Discovery ignores the PreAuthorize permissions check which should ensure the item cannot be returned, not even when it's embedded

Note: These issues only exist in unreleased/development versions of DSpace v7.0, and it does not impact any production releases outside of beta/preview releases.

How to fix Access Restriction Bypass?

Upgrade org.dspace:dspace-api to version 7.0-preview-1 or higher.

[7.0-beta1,7.0-preview-1)
Go back to all versions of this package