CVE-2021-39239 Vulnerability in maven package org.apache.jena:jena-core

Description

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

Remediation

References

https://lists.apache.org/thread.html/r0f03ae7e102c3e8587fdd36531fc167309335738156dfbd7d9c1bf45%40%3Cdev.jena.apache.org%3E

https://lists.apache.org/thread.html/rce5241b228a1f0e5880f6b2bfdb7ae9ee420e94cb692738a0bbfed9d%40%3Cdev.jena.apache.org%3E

https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d%40%3Cusers.jena.apache.org%3E

Related Vulnerabilities

CVE-2020-13957 Vulnerability in maven package org.apache.solr:solr-core

CVE-2022-42920 Vulnerability in maven package org.apache.bcel:bcel

CVE-2023-25158 Vulnerability in maven package org.geotools.jdbc:gt-jdbc-oracle

CVE-2022-37616 Vulnerability in npm package @xmldom/xmldom

CVE-2016-3092 Vulnerability in maven package commons-fileupload:commons-fileupload

Severity

High

Classification

CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N