Open mend-for-github-com[bot] opened 1 year ago
CVE-2023-32200 - High Severity Vulnerability
Vulnerable Library - jena-arq-3.12.0.jar
ARQ is a SPARQL 1.1 query engine for Apache Jena
Library home page: https://www.apache.org/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/jena/jena-arq/3.12.0/jena-arq-3.12.0.jar
Dependency Hierarchy:
- spdx-tools-2.2.1.jar (Root Library)
  - apache-jena-libs-3.12.0.pom
    - jena-tdb-3.12.0.jar
      - :x: **jena-arq-3.12.0.jar** (Vulnerable Library)
Found in HEAD commit: 4f8aa11da0ed37014d8a671a962840fe2230111e
Found in base branch: master
Vulnerability Details
There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. This allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena from 3.7.0 through 4.8.0.
Publish Date: 2023-07-12
URL: CVE-2023-32200
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://jena.apache.org/about_jena/security-advisories.html#cve-2023-32200---exposure-of-execution-in-script-engine-expressions
Release Date: 2023-07-12
Fix Resolution (org.apache.jena:jena-arq): 4.9.0
Direct dependency fix Resolution (org.spdx:spdx-tools): 2.2.2