CVE-2022-45136

Опубликовано: 14 нояб. 2022

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 9.8

Описание

Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2.

Релиз	Статус	Примечание
bionic	DNE
devel	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-infra/focal	DNE
focal	DNE
jammy	needs-triage
kinetic	ignored	end of life, was needs-triage
lunar	ignored	end of life, was needs-triage
mantic	ignored	end of life, was needs-triage

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	DNE
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/xenial	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
kinetic	ignored	end of life, was needs-triage
lunar	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 83%

0.01959

Низкий

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2022-45136

CVSS3: 9.8

nvd

около 3 лет назад

CVE-2022-45136

CVSS3: 9.8

debian

около 3 лет назад

Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisa ...

GHSA-g2qw-6vrr-v6pq

CVSS3: 9.8

github

около 3 лет назад

Apache Jena vulnerable to Deserialization of Untrusted Data

EPSS

Процентиль: 83%

0.01959

Низкий

9.8 Critical

CVSS3

CVE-2022-45136

Описание

Пакет apache-jena

Пакет sdb

Ссылки на источники

Связанные уязвимости