Re: [lyo-dev] CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability

Andrew

I guess it is still a blocker that Lyo is still relying on an older version of Jersey? Before that, we cannot upgrade to the latest versions of many other libraries, correct?

______________________________
Jad El-khoury, PhD
KTH Royal Institute of Technology
School of Industrial Engineering and Management, Mechatronics Division
Brinellvägen 83, SE-100 44 Stockholm, Sweden
Phone: +46(0)8 790 6877 Mobile: +46(0)70 773 93 45
jad@xxxxxx, www.kth.se 

-----Original Message-----
From: lyo-dev <lyo-dev-bounces@xxxxxxxxxxx> On Behalf Of Andrii Berezovskyi
Sent: Thursday, 16 September 2021 14:11
To: lyo-dev@xxxxxxxxxxx
Subject: [lyo-dev] FW: CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability



–Andrew.

On 2021-09-16, 13:55, "Andy Seaborne" <andy@xxxxxxxxxx> wrote:

    Severity: high

    Description:

    A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

    Mitigation:

    Users are advised to upgrade to Apache Jena 4.2.0 or later.


_______________________________________________
lyo-dev mailing list
lyo-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/lyo-dev
