Lucene search
Veracode Vulnerability DatabaseVERACODE:38007HistoryNov 15, 2022 - 12:16 p.m.
Deserialization Of Untrusted Data
2022-11-1512:16:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
jena-sdb
deserialization
untrusted data
jdbc url
remote code execution
malicious database
0.046 Low
EPSS
Percentile
92.6%
jena-sdb is vulnerable to deserialization of untrusted data. The vulnerability exists when the attacker is able to control the JDBC url or cause the underlying database server to return malicious data, leading to remote code execution when connected to a malicious database.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache jena - sdb (sql based triple store) | le | 3.17.0 | |
| apache jena - sdb (sql based triple store) | le | 3.17.0 |
Related
nvd
nvd
CVE-2022-45136
2022-11-14 16:15:12
prion
prion
Design/Logic Flaw
2022-11-14 16:15:00
cve
cve
CVE-2022-45136
2022-11-14 16:15:12
debiancve
debiancve
CVE-2022-45136
2022-11-14 16:15:12
ubuntucve
ubuntucve
CVE-2022-45136
2022-11-14 00:00:00
cvelist
cvelist
CVE-2022-45136 Apache Jena SDB allows arbitrary deserialisation via JDBC
2022-11-14 00:00:00
osv
osv
Apache Jena vulnerable to Deserialization of Untrusted Data
2022-11-14 19:00:19
github
github
Apache Jena vulnerable to Deserialization of Untrusted Data
2022-11-14 19:00:19