Vulnerabilities > CVE-2023-22665 - Expression Language Injection vulnerability in Apache Jena
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.