VulnerableCode Package Details - pkg:maven/org.codelibs.fess/fess@12.3.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.codelibs.fess/fess@12.3.2

Essentials
History (3)

purl	pkg:maven/org.codelibs.fess/fess@12.3.2

Next non-vulnerable version	14.19.2
Latest non-vulnerable version	14.19.2
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-1j56-crd4-z3hw Aliases: CVE-2025-48382 GHSA-g88v-2j67-9rmx	Fess has Insecure Temporary File Permissions Fess (an open-source Enterprise Search Server) creates temporary files without restrictive permissions, which may allow local attackers to read sensitive information from these temporary files.	14.19.2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-yk6z-wgcu-4bga	Improper Restriction of XML External Entity Reference The fess package contains an XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.	CVE-2018-1000822 GHSA-77hp-pfxw-4w63

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T05:50:37.382322+00:00	GitLab Importer	Affected by	VCID-1j56-crd4-z3hw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.codelibs.fess/fess/CVE-2025-48382.yml	38.6.0
2026-06-04T18:24:03.537662+00:00	GHSA Importer	Fixing	VCID-yk6z-wgcu-4bga	https://github.com/advisories/GHSA-77hp-pfxw-4w63	38.6.0
2026-06-04T17:39:04.072772+00:00	GithubOSV Importer	Fixing	VCID-yk6z-wgcu-4bga	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-77hp-pfxw-4w63/GHSA-77hp-pfxw-4w63.json	38.6.0