CVE-2025-49656
MEDIUM4.9EPSS 1.0%Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server
發布日:2025/7/21修改日:2026/4/28
描述
Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.
受影響套件(2)
- Debian/apache-jenafrom 0
- Maven/org.apache.jena:jena-fusekifrom 0, < 5.5.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-49656
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-49656
- PATCHhttps://github.com/apache/jena
- WEBhttps://github.com/apache/jena/commit/03c5265910aa3a27907bf54f6b4aaae3409afa4f
- WEBhttps://github.com/apache/jena/commit/35350569b4c1fd432d92e7c92af9597c4400debe
- WEBhttps://lists.apache.org/thread/qmm21som8zct813vx6dfd1phnfro6mwq
- WEBhttp://www.openwall.com/lists/oss-security/2025/07/21/1