[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability
From: Andy Seaborne <andy () apache ! org>
Date: 2021-09-16 11:55:10
Message-ID: 4ef585a0-4e3f-1fba-af99-be43895bf464 () apache ! org
[Download RAW message or body]
Severity: high
Description:
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, =
may allow an attacker to execute XML External Entities (XXE), including =
exposing the contents of local files to a remote server.
Mitigation:
Users are advised to upgrade to Apache Jena 4.2.0 or later.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic