Andy Seaborne

**Name of the Vulnerable Software and Affected Versions** Apache Jena versions up to 5.4.0 **Description** The application does not validate file access paths within configuration files uploaded by users possessing administrator privileges. This could allow for unauthorized access or manipulation of system resources. **Recommendations** Upgrade to version 5.5.0, which prevents arbitrary configuration uploads.

**Name of the Vulnerable Software and Affected Versions** Apache Jena versions up to 4.1.0 **Description** A vulnerability in XML processing may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server. The issue is related to incorrect restriction of XML links to external objects, which can be exploited by a remote attacker to disclose protected information. **Recommendations** For versions up to 4.1.0, update to a version later than 4.1.0 to resolve the issue. As a temporary workaround, consider restricting XML processing to minimize the risk of exploitation. Avoid using XML External Entities (XXE) in XML processing until the issue is resolved.