org.dspace:dspace-server-webapp@7.0-beta4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.dspace:dspace-server-webapp package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Access Restriction Bypass

Affected versions of this package are vulnerable to Access Restriction Bypass. Multiple access control issues exist in dspace-api development versions. These issues include:

  • The SolrServiceResourceRestrictionPlugin doesn't check for dates on permissions, causing the embargoed items to be returned
  • Discovery ignores the PreAuthorize permissions check which should ensure the item cannot be returned, not even when it's embedded

Note: These issues only exist in unreleased/development versions of DSpace v7.0, and it does not impact any production releases outside of beta/preview releases.

How to fix Access Restriction Bypass?

Upgrade org.dspace:dspace-server-webapp to version 7.0-beta4.1 or higher.

[7.0-beta1,7.0-beta4.1)