Lucene search
GoogleOSV:GHSA-J927-W6G7-7C7WHistoryJul 12, 2023 - 9:30 a.m.
Apache Jena Expression Language Injection vulnerability
2023-07-1209:30:53
Google
osv.dev
9
apache jena
expression language
injection
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
60.0%
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena from 3.7.0 through 4.8.0.
Related
cve
cve
CVE-2023-32200
2023-07-12 08:15:10
CVE-2023-22665
2023-04-25 07:15:08
ubuntucve
ubuntucve
CVE-2023-32200
2023-07-12 00:00:00
CVE-2023-22665
2023-04-25 00:00:00
debiancve
debiancve
CVE-2023-32200
2023-07-12 08:15:10
CVE-2023-22665
2023-04-25 07:15:08
prion
prion
Authorization
2023-07-12 08:15:00
Design/Logic Flaw
2023-04-25 07:15:00
veracode
veracode
Remote Code Execution (RCE)
2023-07-26 10:23:10
Arbitrary Code Execution
2023-05-03 01:44:20
cvelist
cvelist
osv
osv
Arbitrary javascript injection in Apache Jena
2023-04-25 09:30:29
nvd
nvd
CVE-2023-22665
2023-04-25 07:15:08
CVE-2023-32200
2023-07-12 08:15:10
github
github
Apache Jena Expression Language Injection vulnerability
2023-07-12 09:30:53
Arbitrary javascript injection in Apache Jena
2023-04-25 09:30:29
ibm
ibm
cnvd
cnvd
Apache Jena Code Execution Vulnerability
2023-07-14 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
60.0%
Related for OSV:GHSA-J927-W6G7-7C7W