Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[lyo-dev] Fwd: CVE-2023-32200: Apache Jena: Exposure of execution in script engine expressions.
FYI

–Andrew.

Begin forwarded message:

From: Andy Seaborne <andy@xxxxxxxxxx>
Subject: CVE-2023-32200: Apache Jena: Exposure of execution in script engine expressions.
Date: 11 July 2023 at 18:44:10 CEST
To: <announce@xxxxxxxxxx>, <users@xxxxxxxxxxxxxxx>
Reply-To: <users@xxxxxxxxxxxxxxx>

Severity: important

Affected versions:

- Apache Jena 3.7.0 through 4.8.0

Description:

There is insufficient restrictions of called script functions in Apache Jena
versions 4.8.0 and earlier. It allows a
remote user to execute _javascript_ via a SPARQL query.
This issue affects Apache Jena: from 3.7.0 through 4.8.0.

Credit:

s3gundo of Alibaba (reporter)

References:

https://www.cve.org/CVERecord?id=CVE-2023-22665
https://jena.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-32200


Back to the top