CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.

[Andy Seaborne <andy () apache org>]

Severity: important

Description:

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. 
It allows a remote user to execute arbitrary javascript via a SPARQL query.

Credit:

L3yx of Syclover Security Team (reporter)

References:

https://jena.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-22665