Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache tika vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2022-33879
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
Apache Tika
2.6
CVSSv2
CVE-2022-30973
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted fi...
Apache Tika
4.3
CVSSv2
CVE-2022-25169
The BPG parser in versions of Apache Tika prior to 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
Apache Tika
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
4.3
CVSSv2
CVE-2022-30126
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, whic...
Apache Tika
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Primavera Unifier 21.12
5
CVSSv2
CVE-2021-33813
An XXE issue in SAXBuilder in JDOM up to and including 2.0.6 allows malicious users to cause a denial of service via a crafted HTTP request.
Jdom Jdom
Apache Solr 8.8.1
Apache Solr 8.9
Apache Tika 1.25
Debian Debian Linux 9.0
Fedoraproject Fedora 35
Oracle Communications Messaging Server 8.1
1 Github repository
4.3
CVSSv2
CVE-2021-28657
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Apache Tika
Oracle Webcenter Portal 12.2.1.3.0
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Primavera Unifier 19.12
Oracle Webcenter Portal 12.2.1.4.0
Oracle Healthcare Foundation 7.3.0
Oracle Primavera Unifier 20.12
Oracle Communications Messaging Server 8.1
Oracle Healthcare Foundation 8.0.0
Oracle Healthcare Foundation 8.1.0
4.3
CVSSv2
CVE-2020-9489
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache...
Apache Tika 1.24
Oracle Flexcube Private Banking 12.1.0
Oracle Primavera Unifier 16.2
Oracle Flexcube Private Banking 12.0.0
Oracle Primavera Unifier 16.1
Oracle Webcenter Portal 12.2.1.3.0
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Primavera Unifier 19.12
Oracle Webcenter Portal 12.2.1.4.0
Oracle Communications Messaging Server 8.1
4.3
CVSSv2
CVE-2020-1951
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
Apache Tika
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Debian Debian Linux 8.0
Oracle Business Process Management Suite 12.2.1.3.0
Canonical Ubuntu Linux 16.04
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Messaging Server 8.1
Oracle Communications Messaging Server 8.0.2
4.3
CVSSv2
CVE-2020-1950
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
Apache Tika
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Debian Debian Linux 8.0
Oracle Business Process Management Suite 12.2.1.3.0
Canonical Ubuntu Linux 16.04
Oracle Business Process Management Suite 12.2.1.4.0
Oracle Communications Messaging Server 8.1
Oracle Communications Messaging Server 8.0.2
6.8
CVSSv2
CVE-2019-10088
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.
Apache Tika
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »