Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache jena vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-32200
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and previous versions. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 up to and including 4.8.0.
Apache Jena
7.5
CVSSv3
CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an malicious user to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
Apache Jena
5.4
CVSSv3
CVE-2023-22665
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and previous versions, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
Apache Jena
6.1
CVSSv3
CVE-2021-33192
A vulnerability in the HTML pages of Apache Jena Fuseki allows an malicious user to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).
Apache Jena Fuseki
9.8
CVSSv3
CVE-2022-45136
Apache Jena SDB 3.17.0 and previous versions is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this...
Apache Jena Sdb
9.8
CVSSv3
CVE-2022-28890
A vulnerability in the RDF/XML parser of Apache Jena allows an malicious user to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.
Apache Jena 4.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started