Описание
Arbitrary javascript injection in Apache Jena
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
Пакеты
Наименование
org.apache.jena:jena
maven
Затронутые версииВерсия исправления
< 4.8.0
4.8.0
Связанные уязвимости
CVSS3: 5.4
ubuntu
почти 3 года назад
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
CVSS3: 5.4
nvd
почти 3 года назад
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
CVSS3: 5.4
debian
почти 3 года назад
There is insufficient checking of user queries in Apache Jena versions ...