CVE-2021-39239

Summary

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Jenaunspecified < 4.1.0affected

Weaknesses

  • XML External Entity (XXE) vulnerability

Workarounds

Users are advised to upgrade to Apache Jena 4.2.0 or later.

ADP Enrichment

CVE Program Container

Additional References

References