GHSA-phwj-86vx-cfjc

Source

https://github.com/advisories/GHSA-phwj-86vx-cfjc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-phwj-86vx-cfjc/GHSA-phwj-86vx-cfjc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-phwj-86vx-cfjc

Aliases

CVE-2021-33192

Published

2021-08-13T15:21:35Z

Modified

2023-11-08T04:06:03.580842Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site scripting in Apache Jena Fuseki

Details

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).

Database specific

{
    "nvd_published_at": "2021-07-05T10:15:00Z",
    "github_reviewed_at": "2021-07-06T15:42:15Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.apache.jena:jena-fuseki

Package

Name: org.apache.jena:jena-fuseki; View open source insights on deps.dev
Purl: pkg:maven/org.apache.jena/jena-fuseki

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

4.1.0

Affected versions

2.*

2.0.0

2.3.0

2.3.1

2.4.0

2.4.1

2.5.0

2.6.0

3.*

3.4.0

3.5.0

3.6.0

3.7.0

3.8.0

3.9.0

3.10.0

3.11.0

3.12.0

3.13.0

3.13.1

3.14.0

3.15.0

3.16.0

3.17.0

4.*

4.0.0

Database specific

{
    "last_known_affected_version_range": "<= 4.0.0"
}