oss-sec mailing list archives
CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.
From: Andy Seaborne <andy () apache org>
Date: Mon, 24 Apr 2023 19:03:51 +0000
Severity: important Description: There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query. Credit: L3yx of Syclover Security Team (reporter) References: https://jena.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-22665
Current thread:
- CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions. Andy Seaborne (Apr 24)