Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-hp2x-6vrm-7j7v

GitHub Security Advisory

Apache Archiva Reflected Cross-site Scripting vulnerability

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.

This issue affects Apache Archiva: from 2.0.0.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected Packages

Maven org.apache.archiva:archiva-common
Affected versions: 2.0.0 (last affected: 2.2.10)

Related CVEs

CVE-2024-27140

Key Information

GHSA ID
GHSA-hp2x-6vrm-7j7v
Published
March 1, 2024 6:30 PM
Last Modified
February 13, 2025 7:09 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.apache.archiva:archiva-common
GitHub Reviewed
✓ Yes

Dataset

Last updated: June 12, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.