
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN488
_____________________________________________________________________

DATE                : 17/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Jena versions prior to
                     4.2.0.

=====================================================================
http://mail-archives.apache.org/mod_mbox/www-announce/202109.mbox/%3c6f556682-d3ce-b56b-b24e-555af94fab3b@apache.org%3e
_____________________________________________________________________

CVE-2021-39239: Apache Jena: XML External Entity (XXE) vulnerability


Severity: high

Description:

A vulnerability in XML processing in Apache Jena, in versions up to
4.1.0, may allow an attacker to execute XML External Entities (XXE),
including exposing the contents of local files to a remote server.


Mitigation:

Users are advised to upgrade to Apache Jena 4.2.0 or later.
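
To find builds that still need the upgrade, the following added example (not part of the original advisory or of Apache Jena) scans `mvn dependency:list` output for `org.apache.jena` artifacts older than 4.2.0. The sample listing is constructed, and treating a 4.2.0 pre-release such as `4.2.0-SNAPSHOT` as still affected is a conservative assumption of this example.

```python
import re

FIXED = (4, 2, 0)  # first fixed release according to the advisory

# Constructed sample of `mvn dependency:list` output (not from a real project).
SAMPLE = """\
[INFO]    org.apache.jena:jena-core:jar:3.17.0:compile
[INFO]    org.apache.jena:jena-arq:jar:4.1.0:compile
[INFO]    org.apache.jena:jena-tdb2:jar:4.2.0:runtime
[INFO]    org.apache.jena:jena-shacl:jar:4.2.0-SNAPSHOT:compile
[INFO]    org.slf4j:slf4j-api:jar:1.7.32:compile
"""

def parse_version(version):
    """Return ((major, minor, patch), has_qualifier), or None if unparseable."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", version)
    if not m:
        return None
    nums = tuple(int(x or 0) for x in m.group(1, 2, 3))
    return nums, bool(m.group(4))

def is_affected(version):
    parsed = parse_version(version)
    if parsed is None:
        return True  # cannot compare: flag for manual review
    nums, qualified = parsed
    # Assumption: a pre-release of 4.2.0 is treated as not yet fixed.
    return nums < FIXED or (nums == FIXED and qualified)

def find_affected(listing):
    """Return (artifact, version) for each Jena dependency older than FIXED."""
    hits = []
    for line in listing.splitlines():
        tokens = line.replace("[INFO]", "").split()
        if not tokens:
            continue
        # Coordinates: group:artifact:type[:classifier]:version:scope
        parts = tokens[0].split(":")
        if len(parts) < 5 or parts[0] != "org.apache.jena":
            continue
        artifact, version = parts[1], parts[-2]
        if is_affected(version):
            hits.append((artifact, version))
    return hits

if __name__ == "__main__":
    for artifact, version in find_affected(SAMPLE):
        print(f"upgrade needed: {artifact} {version} (< 4.2.0)")
```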


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



