Описание
Users with administrator access can create databases files outside the files area of the Fuseki server.
This issue affects Apache Jena version up to 5.4.0.
Users are recommended to upgrade to version 5.5.0, which fixes the issue.
A path traversal flaw has been discovered in Apache Jena. This flaw allows an attacker to create files outside of the designated file area.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat AMQ Clients | jena-arq | Fix deferred | ||
| Red Hat Data Grid 8 | jena-arq | Fix deferred | ||
| Red Hat JBoss Enterprise Application Platform 7 | jena-arq | Fix deferred | ||
| Red Hat JBoss Enterprise Application Platform 8 | jena-arq | Fix deferred | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | jena-arq | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.
Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.
Users with administrator access can create databases files outside the ...
Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server
EPSS
6.5 Medium
CVSS3