There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena from 3.7.0 through 4.8.0.

Affected Packages

Maven org.apache.jena:jena

Affected versions: 3.7.0 (fixed in 4.9.0)

Related CVEs

CVE-2023-32200

Key Information

GHSA ID

GHSA-j927-w6g7-7c7w

Published

July 12, 2023 9:30 AM

Last Modified

July 20, 2023 2:57 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.apache.jena:jena

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.