GHSA-phwj-86vx-cfjc

Suggest an improvement
Source
https://github.com/advisories/GHSA-phwj-86vx-cfjc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-phwj-86vx-cfjc/GHSA-phwj-86vx-cfjc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-phwj-86vx-cfjc
Aliases
  • CVE-2021-33192
Published
2021-08-13T15:21:35Z
Modified
2023-11-08T04:06:03.580842Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Cross-site scripting in Apache Jena Fuseki
Details

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).

References

Affected packages

Maven / org.apache.jena:jena-fuseki

Package

Name
org.apache.jena:jena-fuseki
View open source insights on deps.dev
Purl
pkg:maven/org.apache.jena/jena-fuseki

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
4.1.0

Affected versions

2.*

2.0.0
2.3.0
2.3.1
2.4.0
2.4.1
2.5.0
2.6.0

3.*

3.4.0
3.5.0
3.6.0
3.7.0
3.8.0
3.9.0
3.10.0
3.11.0
3.12.0
3.13.0
3.13.1
3.14.0
3.15.0
3.16.0
3.17.0

4.*

4.0.0

Database specific

{
    "last_known_affected_version_range": "<= 4.0.0"
}