vivo-project/Vitro on GitHub
Vitro is a "full stack" framework for building semantic web applications. It is not domain specific.
CVE History
CVE | Published | CVSS v2 | CVSS v3 |
---|---|---|---|
CVE-2019-6986 | 7.5 HIGH | 5 MEDIUM | |
SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request. |