GHSA-gchv-364h-r896

Source
https://github.com/advisories/GHSA-gchv-364h-r896
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gchv-364h-r896/GHSA-gchv-364h-r896.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-gchv-364h-r896
Aliases
Published
2022-05-06T00:00:53Z
Modified
2023-11-08T04:09:06.180591Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
XML External Entity Reference in Apache Jena
Details

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 only. Apache Jena 4.2.x and 4.3.x do not allow external entities.

Database specific
{
    "nvd_published_at": "2022-05-05T09:15:00Z",
    "cwe_ids": [
        "CWE-611"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-24T20:52:33Z"
}
References

Affected packages

Maven / org.apache.jena:jena

Package

Name
org.apache.jena:jena
Purl
pkg:maven/org.apache.jena/jena

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.5.0

Affected versions

4.*

4.4.0