Skip to main content

Jena

4 CVEs product

Monthly

CVE-2023-32200 Maven HIGH PATCH This Week

There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Jena
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-22665 Maven MEDIUM PATCH This Month

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Jena
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2022-28890 Maven CRITICAL PATCH Act Now

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved.4.0 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Jena
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-39239 Maven HIGH PATCH This Week

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Jena
NVD
CVSS 3.1
7.5
EPSS
4.3%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Jena
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Jena
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved.4.0 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Jena
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Jena
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy