Vulnerability	Vulnerable Version
M Access Restriction Bypass org.dspace:dspace-api is a DSpace core data model and service APIs. Affected versions of this package are vulnerable to Access Restriction Bypass. Multiple access control issues exist in `dspace-api` development versions. These issues include: The SolrServiceResourceRestrictionPlugin doesn't check for dates on permissions, causing the embargoed items to be returned Discovery ignores the PreAuthorize permissions check which should ensure the item cannot be returned, not even when it's embedded Note: These issues only exist in unreleased/development versions of DSpace v7.0, and it does not impact any production releases outside of beta/preview releases. How to fix Access Restriction Bypass? Upgrade `org.dspace:dspace-api` to version 7.0-preview-1 or higher.	[7.0-beta1,7.0-preview-1)

Access Restriction Bypass

org.dspace:dspace-api is a DSpace core data model and service APIs.

Affected versions of this package are vulnerable to Access Restriction Bypass. Multiple access control issues exist in dspace-api development versions. These issues include:

The SolrServiceResourceRestrictionPlugin doesn't check for dates on permissions, causing the embargoed items to be returned
Discovery ignores the PreAuthorize permissions check which should ensure the item cannot be returned, not even when it's embedded

Note: These issues only exist in unreleased/development versions of DSpace v7.0, and it does not impact any production releases outside of beta/preview releases.

How to fix Access Restriction Bypass?

Upgrade org.dspace:dspace-api to version 7.0-preview-1 or higher.

[7.0-beta1,7.0-preview-1)

Go back to all versions of this package