CVE-2022-28890 – org.apache.jena:jena
Package
Manager: maven
Name: org.apache.jena:jena
Vulnerable Version: =4.4.0 || >=4.4.0 <4.5.0
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00637 (percentile: 0.69578)
Details
XML External Entity Reference in Apache Jena

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 only. Apache Jena 4.2.x and 4.3.x do not allow external entities.
Metadata
Created: 2022-05-06T00:00:53Z
Modified: 2023-10-13T21:07:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gchv-364h-r896/GHSA-gchv-364h-r896.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-gchv-364h-r896
Finding: F083
Auto approve: 1