Lucene search
ApacheCVELIST:CVE-2023-32200HistoryJul 12, 2023 - 7:49 a.m.
CVE-2023-32200 Apache Jena: Exposure of execution in script engine expressions.
2023-07-1207:49:55
CWE-917
apache
www.cve.org
cve-2023-32200
apache jena
script execution
vulnerability
remote user
javascript
sparql query
There is insufficient restrictions of called script functions in Apache Jena
versions 4.8.0 and earlier. It allows a
remote user to execute javascript via a SPARQL query.
This issue affects Apache Jena: from 3.7.0 through 4.8.0.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Jena",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.8.0",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2023-32200
2023-07-12 08:15:10
debiancve
debiancve
CVE-2023-32200
2023-07-12 08:15:10
veracode
veracode
Remote Code Execution (RCE)
2023-07-26 10:23:10
prion
prion
Authorization
2023-07-12 08:15:00
ubuntucve
ubuntucve
CVE-2023-32200
2023-07-12 00:00:00
github
github
Apache Jena Expression Language Injection vulnerability
2023-07-12 09:30:53
ibm
ibm
cnvd
cnvd
Apache Jena Code Execution Vulnerability
2023-07-14 00:00:00
nvd
nvd
CVE-2023-32200
2023-07-12 08:15:10
osv
osv
Apache Jena Expression Language Injection vulnerability
2023-07-12 09:30:53