Lucene search
Ubuntu.comUB:CVE-2023-22665HistoryApr 25, 2023 - 12:00 a.m.
CVE-2023-22665
2023-04-2500:00:00
ubuntu.com
ubuntu.com
13
apache jena
user query checking
remote execution
sparql
javascript
cve-2023-22665
unix
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
55.7%
There is insufficient checking of user queries in Apache Jena versions
4.7.0 and earlier, when invoking custom scripts. It allows a remote user to
execute arbitrary javascript via a SPARQL query.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 22.04 | noarch | apache-jena | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | apache-jena | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | apache-jena | < any | UNKNOWN |
Related
cve
cve
CVE-2023-22665
2023-04-25 07:15:08
veracode
veracode
Arbitrary Code Execution
2023-05-03 01:44:20
osv
osv
Arbitrary javascript injection in Apache Jena
2023-04-25 09:30:29
Apache Jena Expression Language Injection vulnerability
2023-07-12 09:30:53
nvd
nvd
CVE-2023-22665
2023-04-25 07:15:08
ibm
ibm
debiancve
debiancve
CVE-2023-22665
2023-04-25 07:15:08
prion
prion
Design/Logic Flaw
2023-04-25 07:15:00
github
github
Arbitrary javascript injection in Apache Jena
2023-04-25 09:30:29
cvelist
cvelist
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
55.7%
Related for UB:CVE-2023-22665