CVE-2022-31193
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-31193
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31193.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-31193
- Aliases
- Published
- 2022-08-01T20:25:12Z
- Modified
- 2025-10-30T20:09:36.419522Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS Calculator
- Summary
- URL Redirection to Untrusted Site in Dspace JSPUI
- Details
-
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workaround for this vulnerability.
- Database specific
{ "cwe_ids": [ "CWE-601" ] }- References