OSV: GHSA-XGH5-GWQ5-RPX8
History: Apr 25, 2023 - 9:30 a.m.

Arbitrary javascript injection in Apache Jena

2023-04-25 09:30:29
Google
osv.dev
apache jena
javascript injection
sparql query
remote execution

CVSS3: 5.4
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.002
Percentile: 55.6%

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query.