Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ocDJ4LTZ2cm0tN2o3ds4AA5sA
Apache Archiva Reflected Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.
This issue affects Apache Archiva: from 2.0.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Permalink: https://github.com/advisories/GHSA-hp2x-6vrm-7j7vJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocDJ4LTZ2cm0tN2o3ds4AA5sA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 9 months ago
Updated: 7 months ago
Identifiers: GHSA-hp2x-6vrm-7j7v, CVE-2024-27140
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-27140
- https://lists.apache.org/thread/xrn6nt904ozh3jym60c3f5hj2fb75pjy
- https://attic.apache.org/projects/archiva.html
- http://www.openwall.com/lists/oss-security/2024/03/01/2
- https://github.com/advisories/GHSA-hp2x-6vrm-7j7v
Affected Packages
maven:org.apache.archiva:archiva-common
Dependent packages: 14Dependent repositories: 55
Downloads:
Affected Version Ranges: >= 2.0.0, <= 2.2.10
No known fixed version
All affected versions: 2.2.0, 2.2.1, 2.2.3, 2.2.4