Описание
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | needs-triage | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
Показывать по
10
EPSS
Процентиль: 70%
0.00635
Низкий
8.8 High
CVSS3
Связанные уязвимости
CVSS3: 8.8
nvd
больше 2 лет назад
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.
CVSS3: 8.8
debian
больше 2 лет назад
There is insufficient restrictions of called script functions in Apach ...
CVSS3: 8.8
github
больше 2 лет назад
Apache Jena Expression Language Injection vulnerability
EPSS
Процентиль: 70%
0.00635
Низкий
8.8 High
CVSS3