Skip to content

Apache Archiva Reflected Cross-site Scripting vulnerability

Moderate severity GitHub Reviewed Published Mar 1, 2024 to the GitHub Advisory Database • Updated May 2, 2024

Package

maven org.apache.archiva:archiva-common (Maven)

Affected versions

>= 2.0.0, <= 2.2.10

Patched versions

None

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.

This issue affects Apache Archiva: from 2.0.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

Published by the National Vulnerability Database Mar 1, 2024
Published to the GitHub Advisory Database Mar 1, 2024
Reviewed Mar 1, 2024
Last updated May 2, 2024

Severity

Moderate

EPSS score

0.043%
(10th percentile)

Weaknesses

CVE ID

CVE-2024-27140

GHSA ID

GHSA-hp2x-6vrm-7j7v

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.