Description
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, the entire exception (including the stack trace) is available. Information in this stack trace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. Users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file.
References (2)
Patch, Third Party Advisory x_refsource_confirm
https://github.com/DSpace/DSpace/security/advisories/GHSA-c2j7-66m3-r4ff
Patch, Third Party Advisory x_refsource_misc
https://github.com/DSpace/DSpace/commit/afcc6c3389729b85d5c7b0230cbf9aaf7452f31a
Scores
CVSS v3
5.3
EPSS
0.0023
EPSS Percentile
45.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-209
Status
published
Products (2)
duraspace/dspace
4.0 - 6.4
org.dspace/dspace-jspui
4.0 - 6.4 (Maven)
Published
Aug 01, 2022
Tracked Since
Feb 18, 2026