CVE-2021-39239

CWE-611XML External Entity (XXE)6 documents5 sources
Severity
7.5HIGH
EPSS
0.6%
top 31.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache JenaApache Jena
Timeline
PublishedSep 16
Latest updateSep 20

Description

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5apache_software_foundation/apache_jenaunspecified4.1.0
Debianapache-jena< 4.5.0-1+2
NVDapache/jena4.1.0

🔴Vulnerability Details

4
OSV
XML External Entity Reference in Apache Jena2021-09-20
GHSA
XML External Entity Reference in Apache Jena2021-09-20
OSV
CVE-2021-39239: A vulnerability in XML processing in Apache Jena, in versions up to 42021-09-16
CVEList
XML External Entity (XXE) vulnerability2021-09-16

📋Vendor Advisories

1
Debian
CVE-2021-39239: apache-jena - A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may a...2021
CVE-2021-39239 (HIGH CVSS 7.5) | A vulnerability in XML processing i | cvebase.io