Khalil Shreateh

**Name of the Vulnerable Software and Affected Versions** DSpace versions prior to 3.6 DSpace versions 4.x prior to 4.5 DSpace versions 5.x prior to 5.5 **Description** The issue allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname. This can be demonstrated by a URI such as "themes/Reference/aa:etc/passwd". **Recommendations** For DSpace versions prior to 3.6, update to version 3.6 or later. For DSpace versions 4.x prior to 4.5, update to version 4.5 or later. For DSpace versions 5.x prior to 5.5, update to version 5.5 or later.