Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tika
(Apache)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-31 | CVE-2021-28657 | A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. | Tika, Communications_messaging_server, Healthcare_foundation, Primavera_unifier, Webcenter_portal | 5.5 | ||
| 2021-06-16 | CVE-2021-33813 | An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | Solr, Tika, Debian_linux, Fedora, Jdom, Communications_messaging_server | 7.5 | ||
| 2016-12-15 | CVE-2015-3271 | Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header. | Tika | 5.3 | ||
| 2022-05-16 | CVE-2022-25169 | The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. | Tika, Primavera_unifier | 5.5 | ||
| 2022-06-27 | CVE-2022-33879 | The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. | Tika | 3.3 | ||
| 2022-05-31 | CVE-2022-30973 | We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. | Tika | 5.5 | ||
| 2022-05-16 | CVE-2022-30126 | In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0 | Tika, Primavera_unifier | 5.5 | ||
| 2020-03-23 | CVE-2020-1950 | A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. | Tika, Ubuntu_linux, Debian_linux, Business_process_management_suite, Communications_messaging_server, Flexcube_private_banking | 5.5 | ||
| 2020-03-23 | CVE-2020-1951 | A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. | Tika, Ubuntu_linux, Debian_linux, Business_process_management_suite, Communications_messaging_server, Flexcube_private_banking | 5.5 | ||
| 2018-09-19 | CVE-2018-11761 | In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack. | Tika, Business_process_management_suite | 7.5 |