148 matches found
CVE-2025-49656 Apache Jena: Administrative users can create files outside the server directory space via the admin UI
Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue...
PT-2025-30257 · Apache +1 · Fuseki +2
Name of the Vulnerable Software and Affected Versions: Apache Jena versions prior to 5.5.0 Description: Users with administrator access can create database files outside the designated files area of the Fuseki server. Recommendations: Upgrade to version 5.5.0...
Apache Jena 安全漏洞
Apache Jena is the Apache Software Foundation's Semantic Web framework for building and processing RDF data. A path traversal vulnerability exists in Apache Jena 5.4.0 and earlier versions, which originates from a user with administrator privileges being able to create database files outside of t...
Apache Jena 安全漏洞
Apache Jena is the Apache Software Foundation's open source Java framework for building semantic web and linked data applications. A file path validation vulnerability exists in Apache Jena 5.4.0 and earlier versions, which stems from a failure to validate file access paths in configuration files...
PT-2025-30258 · Apache +1 · Apache Jena +1
Name of the Vulnerable Software and Affected Versions: Apache Jena versions up to 5.4.0 Description: The application does not validate file access paths within configuration files uploaded by users possessing administrator privileges. This could allow for unauthorized access or manipulation of...
CVE-2023-32200
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...
CVE-2023-22665
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...
CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
CVE-2022-28890
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...
CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities XXE, including exposing the contents of local files to a remote server...
CVE-2021-33192
A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...
Linux Distros Unpatched Vulnerability : CVE-2023-22665
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute...
Linux Distros Unpatched Vulnerability : CVE-2023-32200
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a...
Security Bulletin: IBM Engineering Lifecycle Management is impacted by vulnerabilities in Apache Jena
Summary A vulnerability has been identified in Apache Jena - jena-core-2.7.1.jar, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-39239 DESCRIPTION: Apache...
Security Bulletin: IBM Integration Bus is vulnerable to a local attacker due to Apache Jena (CVE-2023-32200)
Summary First time Integration node startup, following version to version migration, is vulnerable to allowing a local attacker to execute arbitrary code due Apache Jena in IBM Integration Bus. CVE-2023-32200 Vulnerability Details CVEID: CVE-2023-32200 DESCRIPTION: Apache Jena could allow a remot...
Security Bulletin: IBM Storage Protect for Virtual Environments is vulnerable to arbitrary code execution, sensitive information disclosure, and denial of service due to CVEs in Apache Velocity, Apache Jena, and XStream (woodstox)
Summary IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by security flaws in Apache Velocity, Apache Jena, and XStream woodstox. The flaws can lead to arbitrary code execution, sensitive information disclosure, and denial of...
Security Bulletin: Vulnerability in Apache Jena-arq library affects IBM Engineering Lifecycle Optimization - Publishing
Summary IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena-arq Vulnerability Details CVEID:CVE-2023-22665 DESCRIPTION: Apache Jena could allow a remote attacker to execute arbitrary code on the system, caused by improper checking of user querie...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena Core
Summary BM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena Core Vulnerability Details CVEID:CVE-2021-39239 DESCRIPTION: Apache Jena could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...
Security Bulletin: IBM Jazz Reporting Service is vulnerable to XML external entity (XXE) attacks due to a vulnerability in XML processing in Apache Jena, in versions up to 4.1.0 (CVE-2021-39239)
Summary IBM Jazz Reporting Service is vulnerable to CVE-2021-39239 due to a vulnerability in XML processing in Apache Jena, in versions up to 4.1.0. Apache Jena is used by IBM Jazz Reporting Service for working with RDF models. The fix disables external entity processing in calls made to the...
Apache Jena Code Execution Vulnerability
Apache Jena is the United States Apache Apache Foundation of a Java Semantic Web framework. Used to build semantic Web and linked data applications. Apache Jena suffers from a code execution vulnerability that stems from insufficient restrictions on called script functions. An attacker can exploi...