PT-2022-20597 · Dspace · Dspace

Ozkan Erdogan · Published 2022-08-01 · Updated 2022-08-08 · CVE-2022-31189

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 6.4

Description: When an "Internal System Error" occurs in the JSPUI, the entire exception, including the stack trace, is rendered in the error page returned to the user. Information in this stack trace (class names, file paths, library versions) may be useful to an attacker in launching a more sophisticated attack. This issue only impacts the JSPUI.

Recommendations: For DSpace 6.x, upgrade to version 6.4 or apply the patch file manually. For DSpace 5.x, apply the 6.x patch file or disable the display of error messages in the internal.jsp file by setting the returned exception to "null" at all times. As a temporary workaround, consider disabling the display of error messages in the internal.jsp file until a patch is available.
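To make the recommended workaround concrete, the following is an added example of a JSP error page, not DSpace's actual internal.jsp (which is not reproduced here). The leaky form, kept only as a comment, writes the throwable into the response; the hardened form logs it server-side under an opaque reference and renders nothing from the exception. The logger name "error.page" is an assumption; everything else is standard Servlet/JSP API.

```jsp
<%-- Added example, not DSpace's internal.jsp. Assumes a servlet container
     in which this page is registered as an error page (isErrorPage="true"),
     so the implicit 'exception' variable holds the uncaught throwable. --%>
<%@ page isErrorPage="true" contentType="text/html; charset=UTF-8" %>
<%@ page import="java.util.UUID" %>
<%@ page import="java.util.logging.Logger" %>
<%@ page import="java.util.logging.Level" %>
<%
    // LEAKY FORM (the behaviour CVE-2022-31189 describes): the full exception,
    // stack trace included, ends up in the HTML body. Shown for contrast only.
    //
    //   if (exception != null) {
    //       out.println("<pre>");
    //       exception.printStackTrace(new java.io.PrintWriter(out));
    //       out.println("</pre>");
    //   }

    // HARDENED FORM: keep the detail on the server. The user receives only a
    // random reference id that an administrator can match against the log.
    Logger log = Logger.getLogger("error.page"); // assumed logger name
    String errorId = UUID.randomUUID().toString();
    if (exception != null) {
        log.log(Level.SEVERE,
                "Internal System Error [" + errorId + "] while serving "
                + request.getRequestURI(),
                exception);
    }
    // Equivalent of the advisory's "set the returned exception to null":
    // the throwable is never referenced again below this point, so no
    // exception text can reach the response regardless of its content.
%>
<html>
<head><title>Internal System Error</title></head>
<body>
  <h1>Internal System Error</h1>
  <p>An unexpected error occurred. Please report reference
     <%= errorId %> to the site administrator.</p>
  <%-- errorId is a UUID, so it contains nothing that needs HTML escaping. --%>
</body>
</html>
```

After deploying a page like this, a quick defender check is to trigger a known error path and confirm the response body contains neither "Exception" nor lines beginning with "at " (the shape of a Java stack frame), while the server log carries the full trace under the reference id shown to the user.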

Weakness Enumeration

CWE-209: Generation of Error Message Containing Sensitive Information

Related Identifiers

CVE-2022-31189
GHSA-C2J7-66M3-R4FF

Affected Products

Dspace