Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache jena vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-32200
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and previous versions. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 up to and including 4.8.0.
Apache Jena
446
VMScore
CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an malicious user to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
Apache Jena
NA
CVE-2023-22665
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and previous versions, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
Apache Jena
383
VMScore
CVE-2021-33192
A vulnerability in the HTML pages of Apache Jena Fuseki allows an malicious user to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).
Apache Jena Fuseki
NA
CVE-2022-45136
Apache Jena SDB 3.17.0 and previous versions is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this...
Apache Jena Sdb
668
VMScore
CVE-2022-28890
A vulnerability in the RDF/XML parser of Apache Jena allows an malicious user to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.
Apache Jena 4.4.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started