Description
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
References
- Mailing List, Third Party Advisory
- Issue Tracking, Mailing List
- Mailing List, Third Party Advisory
- Issue Tracking, Mailing List
Vulnerable configurations
Configuration 1: Versions from 3.7.0 (inclusive) to 4.8.0 (inclusive)
cpe:2.3:a:apache:jena:*:*:*:*:*:*:*:*
EPSS
Percentile: 76%
0.0099
Low
5.4 Medium
CVSS3
Weaknesses
CWE-917
Related vulnerabilities
CVSS3: 5.4
ubuntu
almost 3 years ago
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
CVSS3: 5.4
debian
almost 3 years ago
There is insufficient checking of user queries in Apache Jena versions ...