Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03cnA2LXc3bWctaDhyd80V1w
XML External Entity Reference in Apache Jena
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
Permalink: https://github.com/advisories/GHSA-7rp6-w7mg-h8rwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03cnA2LXc3bWctaDhyd80V1w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
Identifiers: GHSA-7rp6-w7mg-h8rw, CVE-2021-39239
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-39239
- https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d%40%3Cusers.jena.apache.org%3E
- https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/r0f03ae7e102c3e8587fdd36531fc167309335738156dfbd7d9c1bf45@%3Cdev.jena.apache.org%3E
- https://lists.apache.org/thread.html/rce5241b228a1f0e5880f6b2bfdb7ae9ee420e94cb692738a0bbfed9d@%3Cdev.jena.apache.org%3E
- https://github.com/advisories/GHSA-7rp6-w7mg-h8rw
Affected Packages
maven:org.apache.jena:jena-core
Dependent packages: 313Dependent repositories: 1,943
Downloads:
Affected Version Ranges: < 4.2.0
Fixed in: 4.2.0
All affected versions: 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.10.0, 2.10.1, 2.11.0, 2.11.1, 2.11.2, 2.12.0, 2.12.1, 2.13.0, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 3.6.0, 3.7.0, 3.8.0, 3.9.0, 3.10.0, 3.11.0, 3.12.0, 3.13.0, 3.13.1, 3.14.0, 3.15.0, 3.16.0, 3.17.0, 4.0.0, 4.1.0
All unaffected versions: 4.2.0, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.5.0, 4.6.0, 4.6.1, 4.7.0, 4.8.0, 4.9.0, 4.10.0, 5.0.0