Apache · Apache Jena · CVE-2022-28890
**Name of the Vulnerable Software and Affected Versions**
Apache Jena versions prior to 4.5.0, excluding the 4.2.x and 4.3.x releases (in practice: releases before 4.2.0, and 4.4.0); fixed in 4.5.0
**Description**
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved: a crafted RDF/XML document whose DOCTYPE declaration names a DTD by URL makes the underlying XML parser fetch that URL while the document is being parsed. This lets any party who can supply RDF/XML input to an application (an upload, a SPARQL load, a linked-data fetch) trigger outbound requests from the parsing host to a location of their choosing, including internal network addresses. This issue affects versions prior to 4.5.0, excluding Apache Jena 4.2.x and 4.3.x, which do not allow external entities; the behaviour was reintroduced in 4.4.0.
**Recommendations**
For affected Apache Jena versions, update to Apache Jena 4.5.0 or later.
If upgrading is not immediately possible, do not pass RDF/XML from untrusted sources to the parser; other RDF syntaxes (Turtle, N-Triples, JSON-LD) do not go through an XML parser and are not affected by this issue.
Limit the impact of any DTD retrieval by denying outbound network access from hosts that parse untrusted RDF/XML, and, where you control the XML parser configuration, disable loading of external DTDs and external entities.
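The following Java program is an added example written for this page, not code from the Apache Jena project; it demonstrates with the JDK's own SAX parser what "external DTD retrieved" means and how the hardened parser configuration prevents it. The RDF/XML input is constructed for the example, and the DTD URL in it (`http://dtd.invalid/evil.dtd`) is a placeholder that is never fetched: the `RecordingResolver` intercepts every resolution request and returns an empty DTD instead of opening a connection.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;

import javax.xml.parsers.SAXParserFactory;

import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class ExternalDtdDemo {

    // Constructed sample input: a minimal RDF/XML document whose DOCTYPE
    // points at an external DTD (placeholder host, not a real resource).
    static final String RDF_XML =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE rdf:RDF SYSTEM \"http://dtd.invalid/evil.dtd\">\n" +
        "<rdf:RDF xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\">\n" +
        "  <rdf:Description rdf:about=\"http://example.org/subject\"/>\n" +
        "</rdf:RDF>\n";

    /**
     * Records every external resource the parser asks for and serves an empty
     * document in its place, so the example runs offline. In a real deployment
     * the parser would open the URL itself: that request is the vulnerability.
     */
    static final class RecordingResolver extends DefaultHandler {
        final List<String> requested = new ArrayList<>();

        @Override
        public InputSource resolveEntity(String publicId, String systemId) {
            requested.add(systemId);
            return new InputSource(new StringReader(""));
        }
    }

    /** Parses RDF_XML and returns the list of external URLs the parser tried to resolve. */
    static List<String> parse(boolean hardened) throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setNamespaceAware(true);
        if (hardened) {
            // Do not fetch the external DTD subset named in the DOCTYPE.
            factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
            // Do not resolve external general or parameter entities either (XXE).
            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            // XInclude is another path to external resources; keep it off.
            factory.setXIncludeAware(false);
        }
        XMLReader reader = factory.newSAXParser().getXMLReader();
        RecordingResolver resolver = new RecordingResolver();
        reader.setEntityResolver(resolver);
        reader.setContentHandler(resolver);
        reader.parse(new InputSource(new StringReader(RDF_XML)));
        return resolver.requested;
    }

    public static void main(String[] args) throws Exception {
        // With default settings the parser asks for the DTD URL from the DOCTYPE.
        System.out.println("default parser requested : " + parse(false));
        // With the external-DTD feature disabled no request is made at all.
        System.out.println("hardened parser requested: " + parse(true));
    }
}
```

Two points worth noting when applying this outside the example. The `load-external-dtd` and `external-*-entities` feature names are Xerces feature URIs, which the JDK's built-in parser honours; a different SAX implementation may need its own equivalents, and an `EntityResolver` that refuses to open anything (as `RecordingResolver` does) is a portable backstop. Rejecting DOCTYPE declarations outright (`http://apache.org/xml/features/disallow-doctype-decl`) is stricter but breaks legitimate RDF/XML and OWL files that use an internal DTD subset to declare namespace entities, so disabling only external loading is usually the better trade-off.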