Lucene search
China National Vulnerability DatabaseCNVD-2022-09240HistorySep 18, 2021 - 12:00 a.m.
Apache Jena XML External Entity Injection Vulnerability
2021-09-1800:00:00
China National Vulnerability Database
www.cnvd.org.cn
39
apache jena
xml
external entity injection
vulnerability
java
semantic web
framework
apache foundation
version 4.1.0
filtering
remote attacker
xml file
exploit
EPSS
0.003
Percentile
70.9%
Apache Jena is a Java Semantic Web framework from the U.S. Apache (Apache) Foundation . Apache Jena in versions prior to 4.1.0 has an XML external entity injection vulnerability, which stems from a web system or product that does not set the correct filtering to allow references to external entities, and a remote attacker could exploit the vulnerability by sending a specially crafted XML file to read the file.
Related
ubuntucve
ubuntucve
CVE-2021-39239
2021-09-16 00:00:00
ibm
ibm
cve
cve
CVE-2021-39239
2021-09-16 15:15:07
github
github
XML External Entity Reference in Apache Jena
2021-09-20 20:22:05
debiancve
debiancve
CVE-2021-39239
2021-09-16 15:15:07
prion
prion
Xxe
2021-09-16 15:15:00
nvd
nvd
CVE-2021-39239
2021-09-16 15:15:07
osv
osv
XML External Entity Reference in Apache Jena
2021-09-20 20:22:05
cvelist
cvelist
CVE-2021-39239 XML External Entity (XXE) vulnerability
2021-09-16 14:40:20