Re: [lyo-dev] CVE-2023-22665: Apache Jena: Exposure of arbitrary executi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [lyo-dev] CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.

From: Jad El-Khoury <jad@xxxxxx>
Date: Thu, 27 Apr 2023 08:48:49 +0000
Accept-language: en-GB, sv-SE, en-US
Delivered-to: lyo-dev@xxxxxxxxxxx
Dkim-filter: OpenDKIM Filter v2.11.0 smtp-relay-3.sys.kth.se 4Q6TtB15Q1zPRh7
List-archive: <https://www.eclipse.org/mailman/private/lyo-dev/>
List-help: <mailto:lyo-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/lyo-dev>, <mailto:lyo-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/lyo-dev>, <mailto:lyo-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHZeOS0h6fUvnWv60Od7ZDan6S3Ba8+2Apw
Thread-topic: CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.

Andrii

Doesn’t LyoStore submit SPARQL queries?

Jad

From: lyo-dev <lyo-dev-bounces@xxxxxxxxxxx> On Behalf Of Andrii Berezovskyi
Sent: Thursday, 27 April 2023 10:46
To: lyo-dev@xxxxxxxxxxx
Subject: [lyo-dev] CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.

Hi,

https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s announces quite a severe CVE. It shouldn’t affect you if you use Lyo to process OSLC Query statements and convert them to prepared SPARQL statements and instead all SPARQL queries to be submitted directly.

–Andrew

Follow-Ups:
- Re: [lyo-dev] CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.
  - From: Andrii Berezovskyi

References:
- [lyo-dev] CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.
  - From: Andrii Berezovskyi

Prev by Date: [lyo-dev] CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.
Next by Date: Re: [lyo-dev] CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.
Previous by thread: [lyo-dev] CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.
Next by thread: Re: [lyo-dev] CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.
Index(es):
- Date
- Thread

Breadcrumbs