CVE-2023-22665

CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions.

Vendor: Apache Software Foundation
Product: Apache Jena
Weakness: CWE-917
Published: April 25, 2023
Last update: February 13, 2025

What the vulnerability does

Description

Apache Jena versions 4.7.0 and earlier do not sufficiently check user queries when invoking custom scripts. This allows a remote user to execute arbitrary JavaScript via a SPARQL query.

Key dates

Disclosure timeline

April 25, 2023: CVE published
February 13, 2025: Record updated