org.eclipse.rdf4j:rdf4j-rio-trix@2.2 vulnerabilities

latest version

5.1.4

latest non vulnerable version

5.1.4

first published

9 years ago

latest version published

1 months ago

licenses detected

EPL-1.0
[1.0M1,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.eclipse.rdf4j:rdf4j-rio-trix package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C XML External Entity (XXE) Injection org.eclipse.rdf4j:rdf4j-rio-trix is a Rio parser and writer implementation for the TriX file format. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. The `RDF4j` XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. How to fix XML External Entity (XXE) Injection? Upgrade `org.eclipse.rdf4j:rdf4j-rio-trix` to version 2.4.1 or higher.	[,2.4.1)

XML External Entity (XXE) Injection

org.eclipse.rdf4j:rdf4j-rio-trix is a Rio parser and writer implementation for the TriX file format.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. The RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning.

How to fix XML External Entity (XXE) Injection?

Upgrade org.eclipse.rdf4j:rdf4j-rio-trix to version 2.4.1 or higher.

[,2.4.1)

Go back to all versions of this package