
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN347
_____________________________________________________________________

DATE                : 07/07/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Jena Fuseki versions prior
                     to 4.1.0.

=====================================================================
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
_____________________________________________________________________

CVE-2021-33192 Apache Jena Fuseki Display information UI XSS


Severity: Medium


Description:

A vulnerability in the HTML pages of Apache Jena Fuseki allows an
attacker to execute arbitrary JavaScript on certain page views. This
issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0
(inclusive).


Mitigation:

Users are advised to upgrade to Apache Jena 4.1.0 or later.


Credit:

Apache Jena would like to thank Luka Safonov for reporting this issue.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



