jena-core is vulnerable to XML external entity attacks. The RDFXMLParser
function of RDFXMLParser.java
does not properly disable the access to external entities, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server.
CPE | Name | Operator | Version |
---|---|---|---|
apache jena - core | le | 4.5.0 | |
apache jena - core | le | 4.5.0 |