Vulnerability Description
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Jena | <= 4.1.0 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/r0f03ae7e102c3e8587fdd36531fc16730933573815
- https://lists.apache.org/thread.html/rce5241b228a1f0e5880f6b2bfdb7ae9ee420e94cb6
- https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9 (Mailing List, Vendor Advisory)
FAQ
What is CVE-2021-39239?
CVE-2021-39239 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote serv...
How severe is CVE-2021-39239?
CVE-2021-39239 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-39239?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Jena.