Apache Tika prior to 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tika |
||
apache nutch 2.3.1 |