oss-sec mailing list archives
CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability
From: Andy Seaborne <andy () apache org>
Date: Thu, 16 Sep 2021 11:55:10 +0000
Severity: high Description: A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. Mitigation: Users are advised to upgrade to Apache Jena 4.2.0 or later.
Current thread:
- CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability Andy Seaborne (Sep 16)