[lyo-dev] FW: CVE-2021-39239: Apache Jena: XML External Entity (XXE) vul

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[lyo-dev] FW: CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability

From: Andrii Berezovskyi <andriib@xxxxxx>
Date: Thu, 16 Sep 2021 12:10:52 +0000
Accept-language: en-GB, en-US, sv-SE
Delivered-to: lyo-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/lyo-dev/>
List-help: <mailto:lyo-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/lyo-dev>, <mailto:lyo-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/lyo-dev>, <mailto:lyo-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHXqvHJ7HTZuwIu50yXKlpdAKiouaumkeMA
Thread-topic: CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability


–Andrew.

On 2021-09-16, 13:55, "Andy Seaborne" <andy@xxxxxxxxxx> wrote:

    Severity: high

    Description:

    A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

    Mitigation:

    Users are advised to upgrade to Apache Jena 4.2.0 or later.

Follow-Ups:
- Re: [lyo-dev] CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability
  - From: Jad El-Khoury

Prev by Date: Re: [lyo-dev] OSLC QM new call for Statements of Use
Next by Date: [lyo-dev] FW: [ANN] Apache Jena 4.2.0
Previous by thread: [lyo-dev] FW: OSLC QM new call for Statements of Use
Next by thread: Re: [lyo-dev] CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability
Index(es):
- Date
- Thread

Breadcrumbs