There is insufficient restrictions of called script functions in Apache Jena
versions 4.8.0 and earlier. It allows a
remote user to execute javascript via a SPARQL query.
This issue affects Apache Jena: from 3.7.0 through 4.8.0.
CVSS Score
8.8
EPSS Score
0.006
Published
2023-07-12
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-04-25
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-09-16