CVE-2021-33192
Cross-site scripting in Apache Jena Fuseki
6.1
MEDIUM
CVSS 3.1
EPSS 3.4%
Description
A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).
How to fix CVE-2021-33192
To remediate CVE-2021-33192, upgrade the affected package to a fixed version below.
- Debian/apache-jena—upgrade to 4.5.0-1 or later
- —upgrade to 4.1.0 or later
Is CVE-2021-33192 being exploited?
Low — EPSS is 3.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.5.0-1
- >= 2.0.0, < 4.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |