CVE-2021-39239

Vulnerable Component Details
Type | Namespace | Name | Version | Package URL
maven | org.apache.jena | jena-core | 3.12.0 | pkg:maven/org.apache.jena/jena-core@3.12.0?type=jar
Vulnerability Details
ID CVE-2021-39239
Description A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
Recommendation State: fixed | Fix Versions: 4.2.0 | Upgrade to version 4.2.0 or above.
Ratings
Severity Score Method Vector Source
None None ghsa
5.0 CVSSv2 AV:N/AC:L/Au:N/C:P/I:N/A:N nvd
7.5 CVSSv31 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N nvd
Related Vulnerabilities
Found By GitLab Gemnasium, Anchore Grype, Sonatype OSS-Index, Aquasec Trivy
References / Advisories
Weakness Enumeration