rdf

Kelvin 2023-05-03T15:27:01.791329Z

Looks like there was a remote code execution CVE in Apache Jena versions 4.7.0 and below: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22665

Kelvin 2023-05-03T15:27:58.840789Z

There’s discussion of it at https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s but oddly enough I don’t see any explicit mention of it in the Jena changelogs or any of the issue trackers

Kelvin 2023-05-03T16:17:56.202149Z

But real question - since when can you do JavaScript scripting in SPARQL in the first place?!?

Kelvin 2023-05-03T16:18:29.556689Z

I’m assuming it’ll be via a custom function or something