Maven package
org.apache.jena/jena
pkg:maven/org.apache.jena/jena
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-50151 | — | < 5.5.0 | 5.5.0 | Jul 21, 2025 | File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload. | ||
| CVE-2023-32200 | — | >= 3.7.0, < 4.9.0 | 4.9.0 | Jul 12, 2023 | There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0. | ||
| CVE-2023-22665 | — | < 4.8.0 | 4.8.0 | Apr 25, 2023 | There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query. | ||
| CVE-2022-28890 | — | >= 4.4.0, < 4.5.0 | 4.5.0 | May 5, 2022 | A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities. |
- CVE-2025-50151Jul 21, 2025affected < 5.5.0fixed 5.5.0
File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.
- CVE-2023-32200Jul 12, 2023affected >= 3.7.0, < 4.9.0fixed 4.9.0
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.
- CVE-2023-22665Apr 25, 2023affected < 4.8.0fixed 4.8.0
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
- CVE-2022-28890May 5, 2022affected >= 4.4.0, < 4.5.0fixed 4.5.0
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.