5 matches found
EUVD-2022-3938
Malicious code in bioql PyPI...
CVE-2022-28890
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...
net.sansa-stack:sansa-examples-spark_2.12 (=0.8.0-RC3), net.sansa-stack:sansa-inference-spark_2.12 (=0.8.0-RC3) +4 more potentially affected by CVE-2022-28890 via org.apache.jena:jena (=4.4.0)
org.apache.jena:jena MAVEN version =4.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.jena:jena and may be impacted: - net.sansa-stack:sansa-examples-spark_2.12 =0.8.0-RC3 - net.sansa-stack:sansa-inference-spark_2.12 =0.8.0-RC3 -...
CVE-2022-28890
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...
CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server...