Filtered by vendor Apache Subscriptions
Filtered by product Jena Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-32200 1 Apache 1 Jena 2024-11-21 8.8 High
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.
CVE-2023-22665 1 Apache 1 Jena 2024-11-21 5.4 Medium
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
CVE-2022-28890 1 Apache 1 Jena 2024-11-21 9.8 Critical
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.
CVE-2021-39239 1 Apache 1 Jena 2024-11-21 7.5 High
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.