Is there a demonstration of the exploit? I'd like to try it
> Sent: Tuesday, July 11, 2023 at 6:44 PM > From: "Andy Seaborne" <[email protected]> > To: [email protected], [email protected] > Subject: CVE-2023-32200: Apache Jena: Exposure of execution in script engine > expressions. > > Severity: important > > Affected versions: > > - Apache Jena 3.7.0 through 4.8.0 > > Description: > > There is insufficient restrictions of called script functions in Apache Jena > versions 4.8.0 and earlier. It allows a > remote user to execute javascript via a SPARQL query. > This issue affects Apache Jena: from 3.7.0 through 4.8.0. > > Credit: > > s3gundo of Alibaba (reporter) > > References: > > https://www.cve.org/CVERecord?id=CVE-2023-22665 > https://jena.apache.org/ > https://www.cve.org/CVERecord?id=CVE-2023-32200 > >
