XML External Entity (XXE)

jena-core is vulnerable to XML external entity attacks. The RDFXMLParser function of RDFXMLParser.java does not properly disable the access to external entities, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server...

at.newmedialab.ldpath:ldpath-backend-jena (>=0.9.12 <=0.9.13), at.researchstudio.sat:won-core (>=0.2 <=0.9) +1365 more potentially affected by CVE-2021-39239 via org.apache.jena:jena-core (>=2.10.0 <=4.1.0)

org.apache.jena:jena-core MAVEN version =2.10.0, =0.9.12, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.2, =0.9 - at.researchstudio.sat:won-owner =0.3 and more Source cves: CVE-2021-39239 Source advisory: OSV:GHSA-7RP6-W7MG-H8RW...

XML External Entity (XXE)

jena-core is vulnerable to XML external entity. An attacker is able to execute XML External Entities XXE due to lack of secure XML processing, subsequently exposing the contents of local files to a remote server...