txh51591 / tm-repo


CVE-2023-32200 (High) detected in jena-arq-3.9.0.jar #129

Open mend-bolt-for-github[bot] opened 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2023-32200 - High Severity Vulnerability

Vulnerable Library - jena-arq-3.9.0.jar

ARQ is a SPARQL 1.1 query engine for Apache Jena

Library home page: http://jena.apache.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/jena/jena-arq/3.9.0/jena-arq-3.9.0.jar

Dependency Hierarchy:
- apache-jena-libs-3.9.0.pom (Root Library)
  - jena-tdb-3.9.0.jar
    - :x: **jena-arq-3.9.0.jar** (Vulnerable Library)

Found in base branch: master

Vulnerability Details

There are insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.

Publish Date: 2023-07-12

URL: CVE-2023-32200

CVSS 3 Score Details (8.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://jena.apache.org/about_jena/security-advisories.html#cve-2023-32200---exposure-of-execution-in-script-engine-expressions

Release Date: 2023-07-12

Fix Resolution: org.apache.jena:jena:4.9.0
