Vulnerability DatabaseWS-2022-0179
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2022-0179
Published:May 15, 2026
Updated:May 15, 2026
Impact This vulnerability would allow any user, regardless of permissions, to upload content into a repository. This affects installations of Islandora core 2.0 or greater. Patches Upgrade immediately to the "latest release" (https://github.com/Islandora/islandora/releases/tag/2.4.1) of Islandora. Workarounds In lieu of an upgrade the "following module" (https://github.com/Islandora/islandora_ghsa_route_fix) can be leveraged that will resolve the issue until such a time an upgrade can take place. For more information If you have any questions or comments about this advisory: * Open an issue in "Islandora" (https://github.com/Islandora/islandora) * Contact community@islandora.ca.
Related Resources (4)
https://github.com/Islandora/islandora/releases/tag/2.4.1
https://github.com/Islandora/islandora/security/advisories/GHSA-m58q-qq5h-mgqq
https://github.com/Islandora/islandora/commit/573d6878edf057987f1e41e5068de0074573e4c7
https://github.com/Islandora-CLAW/islandora
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH