CVE-2023-22665

Published: Apr 25, 2023

Modified: Feb 13, 2025

PUBLISHED

Description

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.

Vendor	Product	Versions
Apache Software Foundation	Apache Jena	affected `0 - <= 4.7.0`

Weaknesses (CWE)

CWE-917

References

https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/07/11/11

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-22665

Description

Affected Products

Weaknesses (CWE)

References