CVE-2021-28657

Published: 31/03/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

Vulnerable Product

apache tika

oracle webcenter portal 12.2.1.3.0

oracle primavera unifier 18.8

oracle primavera unifier

oracle primavera unifier 19.12

oracle webcenter portal 12.2.1.4.0

oracle healthcare foundation 7.3.0

oracle primavera unifier 20.12

oracle communications messaging server 8.1

oracle healthcare foundation 8.0.0

oracle healthcare foundation 8.1.0

Vendor Advisories

Debian Bug report logs - #986805 CVE-2021-28657 Package: src:tika; Maintainer for src:tika is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Mon, 12 Apr 2021 10:03:06 UTC Severity: important Tags: security, upstream Reply or subscri ...
No description is available for this CVE ...