You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Andy Seaborne <an...@apache.org> on 2021/09/16 11:55:11 UTC

CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability

Severity: high

Description:

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

Mitigation:

Users are advised to upgrade to Apache Jena 4.2.0 or later.