CVE-2025-50151

Published: 21 Jul 2025
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.

A file path validation flaw has been discovered in Apache Jena. This flaw allows users with administrative access to upload arbitrary configurations.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| AMQ Clients | jena-arq | Fix deferred | | |
| AMQ Clients | jena-base | Fix deferred | | |
| AMQ Clients | jena-core | Fix deferred | | |
| AMQ Clients | jena-iri | Fix deferred | | |
| AMQ Clients | jena-shaded-guava | Fix deferred | | |
| Red Hat build of Apicurio Registry 3 | jena-base | Fix deferred | | |
| Red Hat build of Apicurio Registry 3 | jena-core | Fix deferred | | |
| Red Hat build of Apicurio Registry 3 | jena-iri | Fix deferred | | |
| Red Hat build of Apicurio Registry 3 | jena-shaded-guava | Fix deferred | | |
| Red Hat Data Grid 8 | jena-arq | Fix deferred | | |

Additional information

Status: Moderate
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2382279 org.apache.jena: Apache Jena insufficent file validation

EPSS: 0.00163 (percentile: 38%, Low)

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 8.8
ubuntu
23 days ago

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.

CVSS3: 8.8
nvd
23 days ago

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.

CVSS3: 8.8
debian
23 days ago

File access paths in configuration files uploaded by users with admini ...

CVSS3: 7.2
github
23 days ago

Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access
