CVE-2016-10726: Path Traversal

July 10, 2018 (updated September 6, 2018)

The XMLUI feature in DSpace allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI.

References

jira.duraspace.org/browse/DS-3094
nvd.nist.gov/vuln/detail/CVE-2016-10726
wiki.duraspace.org/display/DSDOC5x/Release+Notes

Code Behaviors & Features

Detect and mitigate CVE-2016-10726 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →