CVE-2019-6986
on github
Published
Severity
CVSS v3:
7.5 HIGH
CVSS v2:
5 MEDIUM
Description
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:duraspace:vitro:1.10.0:*:*:*:*:*:*:* | n/a | n/a | 1.10.0 |