Vulnerability	Vulnerable Version
L Information Exposure org.dspace:dspace-xmlui is a web-based user interface based upon Apache Cocoon. Affected versions of this package are vulnerable to Information Exposure in the `generate()` functions of `cocoon/DSpaceMETSGenerator.java` and `cocoon/DSpaceOREGenerator.java`, which expose metadata on withdrawn items in the mets.xml object. An attacker in possession of the handle/URL of a withdrawn item can retrieve the metadata. Note: This vulnerability does not impact the `JSPUI` or versions 7. How to fix Information Exposure? Upgrade `org.dspace:dspace-xmlui` to version 6.4 or higher.	[4.0,6.4)

Information Exposure

org.dspace:dspace-xmlui is a web-based user interface based upon Apache Cocoon.

Affected versions of this package are vulnerable to Information Exposure in the generate() functions of cocoon/DSpaceMETSGenerator.java and cocoon/DSpaceOREGenerator.java, which expose metadata on withdrawn items in the mets.xml object. An attacker in possession of the handle/URL of a withdrawn item can retrieve the metadata.

Note: This vulnerability does not impact the JSPUI or versions 7.

How to fix Information Exposure?

Upgrade org.dspace:dspace-xmlui to version 6.4 or higher.

[4.0,6.4)

Go back to all versions of this package