Apache Jena


By the Year

In 2024 there have been 0 vulnerabilities in Apache Jena. Last year Jena had 2 security vulnerabilities published. Right now, Jena is on track to have fewer security vulnerabilities in 2024 than it did last year.

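| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 7.10 |
| 2022 | 1 | 9.80 |
| 2021 | 1 | 7.50 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |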

It may take a day or so for new Jena vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Apache Jena Security Vulnerabilities

There are insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier

CVE-2023-32200 8.8 - High - July 12, 2023

There are insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.

EL Injection

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts

CVE-2023-22665 5.4 - Medium - April 25, 2023

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query.

EL Injection

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved

CVE-2022-28890 9.8 - Critical - May 05, 2022

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.

XXE

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may

CVE-2021-39239 7.5 - High - September 16, 2021

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

XXE
