Vulnerabilities > Apache > Jena

DATE CVE VULNERABILITY TITLE RISK
2023-07-12 CVE-2023-32200 Unspecified vulnerability in Apache Jena
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier.
network
low complexity
apache
8.8
2023-04-25 CVE-2023-22665 Expression Language Injection vulnerability in Apache Jena
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts.
network
low complexity
apache CWE-917
5.4
2022-05-05 CVE-2022-28890 XXE vulnerability in Apache Jena 4.4.0
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved.
network
low complexity
apache CWE-611
critical
9.8
2021-09-16 CVE-2021-39239 XXE vulnerability in Apache Jena
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
network
low complexity
apache CWE-611
7.5