CVE-2022-28890

Summary

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache JenaApache Jena <= 4.4.0affected

Weaknesses

  • XML External DTD vulnerability

Workarounds

Users are advised to upgrade to Apache Jena 4.5.0 or later.

ADP Enrichment

CVE Program Container

Additional References

References