cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-32200,https://securityvulnerability.io/vulnerability/CVE-2023-32200,Apache Jena: Exposure of execution in script engine expressions.,"A vulnerability exists in Apache Jena versions 4.8.0 and earlier due to insufficient restrictions applied to called script functions. This flaw could allow a remote attacker to execute arbitrary JavaScript code via a crafted SPARQL query, potentially compromising the integrity and security of the affected systems. Users and administrators of Apache Jena should take immediate measures to address this issue by applying the recommended updates and patches.",Apache,Apache Jena,8.8,HIGH,0.005760000087320805,false,,false,false,false,,,false,false,,2023-07-12T08:15:00.000Z,0
CVE-2023-22665,https://securityvulnerability.io/vulnerability/CVE-2023-22665,Apache Jena: Exposure of arbitrary execution in script engine expressions.,"There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.",Apache,Apache Jena,5.4,MEDIUM,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-04-25T07:15:00.000Z,0
CVE-2022-45136,https://securityvulnerability.io/vulnerability/CVE-2022-45136,Apache Jena SDB allows arbitrary deserialisation via JDBC,Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2.,Apache,Apache Jena Sdb,9.8,CRITICAL,0.04083000123500824,false,,false,false,false,,,false,false,,2022-11-14T00:00:00.000Z,0
CVE-2022-28890,https://securityvulnerability.io/vulnerability/CVE-2022-28890,Processing external DTDs,A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.,Apache,Apache Jena,9.8,CRITICAL,0.046560000628232956,false,,false,false,false,,,false,false,,2022-05-05T08:40:09.000Z,0
CVE-2021-39239,https://securityvulnerability.io/vulnerability/CVE-2021-39239,XML External Entity (XXE) vulnerability,"A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.",Apache,Apache Jena,7.5,HIGH,0.0022899999748915434,false,,false,false,false,,,false,false,,2021-09-16T14:40:20.000Z,0
CVE-2021-33192,https://securityvulnerability.io/vulnerability/CVE-2021-33192,Display information UI XSS,A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).,Apache,Apache Jena Fuseki,6.1,MEDIUM,0.002749999985098839,false,,false,false,false,,,false,false,,2021-07-05T09:15:11.000Z,0