CVE-2021-41189
7.2 HIGHDSpace is an open source turnkey repository application
Published: 2021-10-29 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.2 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-863
Affected products
| Vendor | Product |
|---|---|
| duraspace | dspace |
Description
DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-41189
- [Patch]https://github.com/DSpace/DSpace/commit/277b499a5cd3a4f5eb2370513a1b7e4ec2a6e041
- [Patch]https://github.com/DSpace/DSpace/commit/c3bea16ab911606e15ae96c97a1575e1ffb14f8a
- [Exploit reference]https://github.com/DSpace/DSpace/issues/7928
- [Other]https://github.com/DSpace/DSpace/security/advisories/GHSA-cf2j-vf36-c6w8
- [Patch]https://github.com/DSpace/DSpace/commit/277b499a5cd3a4f5eb2370513a1b7e4ec2a6e041
- [Patch]https://github.com/DSpace/DSpace/commit/c3bea16ab911606e15ae96c97a1575e1ffb14f8a
- [Exploit reference]https://github.com/DSpace/DSpace/issues/7928
- [Other]https://github.com/DSpace/DSpace/security/advisories/GHSA-cf2j-vf36-c6w8
Related CVEs
Same CWE
- CVE-2026-53860 — OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries... (4.2 MEDIUM)
- CVE-2026-53855 — OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks ... (8.1 HIGH)
- CVE-2026-53854 — OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows sender... (6.5 MEDIUM)
- CVE-2026-53853 — OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowe... (8.3 HIGH)
- CVE-2026-5149 — The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the g... (6.5 MEDIUM)