PT-2023-18612 · Apache · Apache Jena

L3Yx · Published 2023-04-25 · Updated 2024-01-21 · CVE-2023-22665

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Jena versions 3.7.0 through 4.8.0

Description: The issue stems from insufficient checking of user queries and of restrictions on called script functions in Apache Jena, allowing a remote user to execute arbitrary JavaScript via a SPARQL query.

Recommendations: For Apache Jena versions 3.7.0 through 4.8.0, consider disabling custom script invocation until a patch is available, to prevent the execution of arbitrary JavaScript. Restrict access to SPARQL query endpoints to minimize the risk of exploitation. Avoid using custom scripts in Apache Jena until the issue is resolved.

Fix


Weakness Enumeration

Related identifiers

CVE-2023-22665
GHSA-J927-W6G7-7C7W
GHSA-XGH5-GWQ5-RPX8

Affected products

Apache Jena
Debian