There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-02-13T16:44:03.940Z

Reserved: 2023-01-05T14:41:04.515Z

Link: CVE-2023-22665

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-25T07:15:08.137

Modified: 2024-11-21T07:45:09.793

Link: CVE-2023-22665

cve-icon Redhat

No data.