Is that already fixed in 4.8.0 or applies to Apache Jena versions 4.7.0+?

Marco
On Mon, Apr 24, 2023 at 8:03 PM Andy Seaborne <a...@apache.org> wrote:

> Severity: important
>
> Description:
>
> There is insufficient checking of user queries in Apache Jena versions
> 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to
> execute arbitrary javascript via a SPARQL query.
>
> Credit:
>
> L3yx of Syclover Security Team (reporter)
>
> References:
>
> https://jena.apache.org/
> https://www.cve.org/CVERecord?id=CVE-2023-22665
>
>

--
---
Marco Neumann