[lyo-dev] FW: CVE-2021-33192: Apache Jena Fuseki: Display information UI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[lyo-dev] FW: CVE-2021-33192: Apache Jena Fuseki: Display information UI XSS

From: Andrii Berezovskyi <andriib@xxxxxx>
Date: Sun, 4 Jul 2021 16:02:07 +0000
Accept-language: en-GB, en-US, sv-SE
Delivered-to: lyo-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/lyo-dev/>
List-help: <mailto:lyo-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/lyo-dev>, <mailto:lyo-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/lyo-dev>, <mailto:lyo-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHXcNM7btwz/85ncEuVLOnnC17IPasy+jmA
Thread-topic: CVE-2021-33192: Apache Jena Fuseki: Display information UI XSS

FYI

On 2021-07-04, 14:50, "Andy Seaborne" <andy@xxxxxxxxxx> wrote:

    Severity: Medium

    Description:

    A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views.  This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).

    Mitigation:

    Users are advised to upgrade to Apache Jena 4.1.0 or later.

    Credit:

    Apache Jena would like to thank Luka Safonov for reporting this issue.

Prev by Date: [lyo-dev] Lyo 4.1.0 alpha1 release
Next by Date: [lyo-dev] FW: OSLC QM new call for Statements of Use
Previous by thread: [lyo-dev] Lyo 4.1.0 alpha1 release
Next by thread: [lyo-dev] FW: OSLC QM new call for Statements of Use
Index(es):
- Date
- Thread

Breadcrumbs