Vulnerabilities > Apache > Jena
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-12 | CVE-2023-32200 | Expression Language Injection vulnerability in Apache Jena There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. | 8.8 |
| 2023-04-25 | CVE-2023-22665 | Expression Language Injection vulnerability in Apache Jena There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. | 5.4 |
| 2022-05-05 | CVE-2022-28890 | XXE vulnerability in Apache Jena 4.4.0 A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. | 9.8 |
| 2021-09-16 | CVE-2021-39239 | XXE vulnerability in Apache Jena A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. | 7.5 |