CVE-2025-50151
- EPSS 0.22%
- Veröffentlicht 21.07.2025 09:32:30
- Zuletzt bearbeitet 29.07.2025 14:22:30
File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configurat...
CVE-2025-49656
- EPSS 0.15%
- Veröffentlicht 21.07.2025 09:30:32
- Zuletzt bearbeitet 29.07.2025 15:04:20
Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.
CVE-2023-32200
- EPSS 0.64%
- Veröffentlicht 12.07.2023 08:15:10
- Zuletzt bearbeitet 21.11.2024 08:02:53
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.
CVE-2023-22665
- EPSS 0.51%
- Veröffentlicht 25.04.2023 07:15:08
- Zuletzt bearbeitet 21.11.2024 07:45:09
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
CVE-2022-28890
- EPSS 0.6%
- Veröffentlicht 05.05.2022 09:15:08
- Zuletzt bearbeitet 21.11.2024 06:58:08
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.
CVE-2021-39239
- EPSS 0.32%
- Veröffentlicht 16.09.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:18:59
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.