| Vulnerable Component Details | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Type | Namespace | Name | Version | Package URL | |||||||||||||||||||
| maven | org.apache.jena | jena-core | 3.12.0 | pkg:maven/org.apache.jena/jena-core@3.12.0?type=jar | |||||||||||||||||||
| Vulnerability Details | |||||||||||||||||||||||
| ID | GHSA-7rp6-w7mg-h8rw | ||||||||||||||||||||||
| Description | A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. | ||||||||||||||||||||||
| Recommendation | Upgrade to version 4.2.0 or above.. || State: fixed | Fix Versions: 4.2.0 | ||||||||||||||||||||||
| Ratings |
|
||||||||||||||||||||||
| Related Vulnerabilities | |||||||||||||||||||||||
| Found By | Anchore Grype , Aquasec Trivy , Sonotype OSS-Index , Gitlab Gemnasium | ||||||||||||||||||||||
| References / Advisories |
|
||||||||||||||||||||||
| Weakness Enumeration | |||||||||||||||||||||||