There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and previous versions. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 up to and including 4.8.0.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache jena |