org.codelibs.fess:fess
Maven2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.codelibs.fess:fesspage 1 of 1
- CVE-2018-1000822CRITICALCVSS 10.0EG 10.0✓ Fixed in 12.3.22018-12-20
vulnerable: 10.2.1 ... 12.3.1 (58 versions)
codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be expl…
- CVE-2025-48382MEDIUMCVSS 5.5EG 5.5✓ Fixed in 14.19.22025-05-27
vulnerable: 10.2.1 ... 14.9.1 (158 versions)
Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to po…
Check whether org.codelibs.fess:fess is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.codelibs.fess:fess CVEs against the assets you own.
Start Free Scan →