#rdf
2023-05-03
Kelvin 15:05:01

Looks like there was a remote code execution CVE in Apache Jena versions 4.7.0 and below: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22665

Kelvin 15:05:58

There’s discussion of it https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s but oddly enough I don’t see any explicit mention of it in the Jena changelogs or any of the issue trackers

Kelvin 16:05:56

But real question - since when can you do JavaScript scripting in SPARQL in the first place?!?

Kelvin 16:05:29

I’m assuming it’ll be via a custom function or something