GHSA-gchv-364h-r896: XML External Entity Reference in Apache Jena

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.


Critical severity • GitHub Reviewed • Published May 6, 2022 • Updated May 24, 2022

Related news

CVE-2021-41042: External DTD access in Eclipse Lyo (#287)

In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.

CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.