CVE-2021-39239

Name: CVE-2021-39239
Description: A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1014982

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release | Version | Status
apache-jena (PTS) | bookworm | 4.5.0-2 | fixed
apache-jena (PTS) | sid, trixie | 4.9.0-1 | fixed

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
apache-jena | source | (unstable) | 4.5.0-1 | | | 1014982

Notes

https://lists.apache.org/thread/qpbfrdty7jt3yfm39hx4p9dp151sd6gm
