CNNVD-202507-2042 Information

CNNVD ID

CNNVD-202507-2042

CVE-2025-53621

  • CNNVD Published: 2025-07-15

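Description (translated from Chinese)

DSpace is an open-source turnkey repository application from the DuraSpace community. DSpace versions before 7.6.4, before 8.2 and before 9.1 contain a code issue vulnerability that stems from XML external entity injection and may lead to the disclosure of sensitive information.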

Description (English)

DSpace is an open-source turnkey repository application from the DuraSpace community. DSpace versions prior to 7.6.4, 8.2 and 9.1 have a code issue vulnerability caused by XML external entity (XXE) injection, which may lead to the disclosure of sensitive information.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

DuraSpace

Published

2025-07-15

Last Modified

2026-02-24

References

  • https://github.com/DSpace/DSpace/pull/11035.patch
  • https://github.com/DSpace/DSpace/pull/11034
  • https://github.com/DSpace/DSpace/pull/11034.patch
  • https://github.com/DSpace/DSpace/security/advisories/GHSA-jjwr-5cfh-7xwh
  • https://github.com/DSpace/DSpace/pull/11032
  • https://github.com/DSpace/DSpace/pull/11032.patch
  • https://nvd.nist.gov/vuln/detail/CVE-2025-53621

Patch

https://github.com/DSpace/DSpace/releases
