CVE-2025-50151 – org.apache.jena:jena
Package
Manager: maven
Name: org.apache.jena:jena
Vulnerable Version: >=0 <5.5.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00193 (percentile 0.41382)
Details
Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access.
File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena versions up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.
Metadata
Created: 2025-07-21T12:30:34Z
Modified: 2025-07-21T19:38:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-xg9p-p463-3qjp/GHSA-xg9p-p463-3qjp.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-xg9p-p463-3qjp
Finding: F184
Auto approve: 1