org.apache.jena:jena
Maven
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.jena:jena (page 1 of 1)
- CVE-2022-28890 · CRITICAL · CVSS 9.8 · EG 9.8 · ✓ Fixed in 4.5.0 · 2022-05-05
vulnerable: 4.4.0
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.
- CVE-2023-22665 · MEDIUM · CVSS 5.4 · EG 5.4 · ✓ Fixed in 4.8.0 · 2023-04-25
vulnerable: 2.10.0 ... 4.7.0 (44 versions)
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query.
- CVE-2023-32200 · HIGH · CVSS 8.8 · EG 8.8 · ✓ Fixed in 4.9.0 · 2023-07-12
vulnerable: 3.10.0 ... 4.8.0 (24 versions)
There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. This allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.