CVE-2023-32200

CVE-2023-32200: Apache Jena: Exposure of execution in script engine expressions.

Vendor Apache Software Foundation

Product Apache Jena

Weakness CWE-917

Published July 12, 2023

Last update October 7, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.

Key dates

Disclosure timeline

July 12, 2023 CVE published

October 7, 2024 Record updated