CVE-2021-33192 – org.apache.jena:jena-fuseki

Package

Manager: maven
Name: org.apache.jena:jena-fuseki
Vulnerable Version: >=2.0.0 <4.1.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.10411 pctl0.92935

Details

Cross-site scripting in Apache Jena Fuseki A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).

Metadata

Created: 2021-08-13T15:21:35Z
Modified: 2021-07-09T01:55:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-phwj-86vx-cfjc/GHSA-phwj-86vx-cfjc.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-phwj-86vx-cfjc
Finding: F008
Auto approve: 1