Metric | Value |
---|---|
CVSS3 | 8.8 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
EPSS | 0.002 Low |
EPSS Percentile | 59.9% |

There are insufficient restrictions on called script functions in Apache
Jena versions 4.8.0 and earlier. This allows a remote user to execute
JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0
through 4.8.0.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | apache-jena | < any | UNKNOWN |
ubuntu | 23.10 | noarch | apache-jena | < any | UNKNOWN |
ubuntu | 24.04 | noarch | apache-jena | < any | UNKNOWN |
launchpad.net/bugs/cve/CVE-2023-32200
lists.apache.org/thread/7hg0t2kws3fyr75dl7lll8389xzzc46z
nvd.nist.gov/vuln/detail/CVE-2023-32200
security-tracker.debian.org/tracker/CVE-2023-32200
www.cve.org/CVERecord?id=CVE-2023-22665
www.cve.org/CVERecord?id=CVE-2023-32200
www.openwall.com/lists/oss-security/2023/07/11/11