Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.jena/jena@2.11.1

Type maven

Namespace org.apache.jena

Name jena

Version 2.11.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.5.0

Latest_non_vulnerable_version 5.5.0

Affected_by_vulnerabilities

url VCID-p74g-37a5-jubh

vulnerability_id VCID-p74g-37a5-jubh

summary

File access paths in configuration files uploaded by users with administrator access are not validated.

This issue affects Apache Jena version up to 5.4.0.

Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50151.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-50151.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-50151

reference_id

reference_type

scores

value	0.00709
scoring_system	epss
scoring_elements	0.72759
published_at	2026-06-13T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72756
published_at	2026-06-14T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72667
published_at	2026-06-11T12:55:00Z

value	0.00709
scoring_system	epss
scoring_elements	0.72744
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-50151

reference_url

https://github.com/apache/jena

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/jena

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-50151

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-50151

reference_url

http://www.openwall.com/lists/oss-security/2025/07/21/2

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/07/21/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109807
reference_id	1109807
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109807

reference_url

https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss

reference_id

12gks5z40gh9bszn1xk8mz34gz586xss

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-21T14:40:14Z/

url

https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2382279
reference_id	2382279
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2382279

reference_url

https://github.com/advisories/GHSA-xg9p-p463-3qjp

reference_id

GHSA-xg9p-p463-3qjp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xg9p-p463-3qjp

fixed_packages

url	pkg:maven/org.apache.jena/jena@5.5.0
purl	pkg:maven/org.apache.jena/jena@5.5.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jena/jena@5.5.0

aliases CVE-2025-50151, GHSA-xg9p-p463-3qjp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p74g-37a5-jubh

url VCID-wvab-fe1s-mfg7

vulnerability_id VCID-wvab-fe1s-mfg7

summary A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39239

reference_id

reference_type

scores

value	0.00563
scoring_system	epss
scoring_elements	0.68833
published_at	2026-06-11T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68926
published_at	2026-06-12T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68939
published_at	2026-06-13T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68935
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39239

reference_url

https://gitbox.apache.org/repos/asf?p=jena.git

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gitbox.apache.org/repos/asf?p=jena.git

reference_url

https://lists.apache.org/thread.html/r0f03ae7e102c3e8587fdd36531fc167309335738156dfbd7d9c1bf45@%3Cdev.jena.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0f03ae7e102c3e8587fdd36531fc167309335738156dfbd7d9c1bf45@%3Cdev.jena.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rce5241b228a1f0e5880f6b2bfdb7ae9ee420e94cb692738a0bbfed9d@%3Cdev.jena.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rce5241b228a1f0e5880f6b2bfdb7ae9ee420e94cb692738a0bbfed9d@%3Cdev.jena.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d%40%3Cusers.jena.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d%40%3Cusers.jena.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-39239

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-39239

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014982
reference_id	1014982
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014982

reference_url

https://github.com/advisories/GHSA-7rp6-w7mg-h8rw

reference_id

GHSA-7rp6-w7mg-h8rw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7rp6-w7mg-h8rw

fixed_packages

url pkg:maven/org.apache.jena/jena@4.2.0

purl pkg:maven/org.apache.jena/jena@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mf22-9ste-yug4

vulnerability	VCID-p74g-37a5-jubh

vulnerability	VCID-qg4f-qasq-37f7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jena/jena@4.2.0

aliases CVE-2021-39239, GHSA-7rp6-w7mg-h8rw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wvab-fe1s-mfg7

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jena/jena@2.11.1

Package Instance