Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache jena vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-32200
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and previous versions. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 up to and including 4.8.0.
Apache Jena
5
CVSSv2
CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an malicious user to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
Apache Jena
NA
CVE-2023-22665
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and previous versions, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
Apache Jena
4.3
CVSSv2
CVE-2021-33192
A vulnerability in the HTML pages of Apache Jena Fuseki allows an malicious user to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).
Apache Jena Fuseki
NA
CVE-2022-45136
Apache Jena SDB 3.17.0 and previous versions is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this...
Apache Jena Sdb
7.5
CVSSv2
CVE-2022-28890
A vulnerability in the RDF/XML parser of Apache Jena allows an malicious user to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.
Apache Jena 4.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started