Description
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| apache-jena | fixed | 4.9.0-1 | | package |
| apache-jena | ignored | | bookworm | package |
Notes
https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s
Related vulnerabilities
CVSS3: 5.4
ubuntu
almost 3 years ago
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
CVSS3: 5.4
nvd
almost 3 years ago
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.