GHSA-xg9p-p463-3qjp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xg9p-p463-3qjp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-xg9p-p463-3qjp/GHSA-xg9p-p463-3qjp.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-xg9p-p463-3qjp
- Aliases
- Published
- 2025-07-21T12:30:34Z
- Modified
- 2025-07-21T19:57:45.448183Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access
- Details
-
File access paths in configuration files uploaded by users with administrator access are not validated.
This issue affects Apache Jena version up to 5.4.0.
Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.
- Database specific
{ "github_reviewed": true, "severity": "HIGH", "github_reviewed_at": "2025-07-21T19:38:58Z", "cwe_ids": [ "CWE-20" ], "nvd_published_at": "2025-07-21T10:15:25Z" }- References
Affected packages
Maven / org.apache.jena:jena
Package
- Name
- org.apache.jena:jena
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.jena/jena
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.5.0
Affected versions
2.*
2.7.1
2.7.2
2.7.3
2.7.4
2.10.0
2.10.1
2.11.0
2.11.1
2.11.2
2.12.0
2.12.1
2.13.0
3.*
3.0.0
3.0.1
3.1.0
3.1.1
3.2.0
3.3.0
3.4.0
3.5.0
3.6.0
3.7.0
3.8.0
3.9.0
3.10.0
3.11.0
3.12.0
3.13.0
3.13.1
3.14.0
3.15.0
3.16.0
3.17.0
4.*
4.0.0
4.1.0
4.2.0
4.3.0
4.3.1
4.3.2
4.4.0
4.5.0
4.6.0
4.6.1
4.7.0
4.8.0
4.9.0
4.10.0
5.*
5.0.0-rc1
5.0.0
5.1.0
5.2.0
5.3.0
5.4.0