Vulnerabilities > Apache > Jena > 3.12.0

DATE CVE VULNERABILITY TITLE RISK
2023-07-12 CVE-2023-32200 Expression Language Injection vulnerability in Apache Jena
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier.
network
low complexity
apache CWE-917
8.8
8.8
2023-04-25 CVE-2023-22665 Expression Language Injection vulnerability in Apache Jena
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts.
network
low complexity
apache CWE-917
5.4
5.4
2021-09-16 CVE-2021-39239 XXE vulnerability in Apache Jena
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
network
low complexity
apache CWE-611
7.5
7.5