CVE-2023-22665
Published 2023-04-25
Medium 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | jena | 3.7.0 – 4.8.0 | — |
| apache_software_foundation | apache_jena | <= 4.7.0 | — |
| debian | apache-jena | < apache-jena 4.9.0-1 (forky) | apache-jena 4.9.0-1 (forky) |
CVSS provenance
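| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| osv | | 5.4 | MEDIUM | |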