List: oss-security
Subject: [oss-security] CVE-2022-30973: Apache Tika: Missing fix for CVE-2022-30126 in 1.28.2
From: Tim Allison <tallison () apache ! org>
Date: 2022-05-31 13:04:24
Message-ID: ef0d3598-74a5-7981-af98-c05407457f68 () apache ! org
Description:
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2
release. In Apache Tika, a regular expression in the StandardsText
class, used by the StandardsExtractingContentHandler could lead to a denial
of service caused by backtracking on a specially crafted file. This only
affects users who are running the StandardsExtractingContentHandler, which
is a non-standard handler. This is fixed in 1.28.3.
Mitigation:
Avoid using the StandardsExtractingContentHandler or upgrade to Tika 1.28.3
or 2.4.0
Credit:
This issue was reported by Cathy Hu, SUSE Software Solutions Germany GmbH.
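
An exposure check built from the two conditions the advisory gives (a Tika release below the fixed ones, and use of the StandardsExtractingContentHandler). This is an added example, not part of the original message or of Apache Tika; the scanned file extensions, the function names and the handling of major lines the advisory does not mention are assumptions.

```python
import re
import tempfile
from pathlib import Path

HANDLER = "StandardsExtractingContentHandler"   # class named in the advisory
FIXED = {1: (1, 28, 3), 2: (2, 4, 0)}           # fixed releases named in the advisory
SCANNED = {".java", ".kt", ".scala", ".groovy", ".xml"}  # assumption: where a reference would live

def is_fixed(version: str) -> bool:
    """True if `version` is at or above the fixed release of its major line."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable Tika version: {version!r}")
    parsed = tuple(int(g or 0) for g in m.groups())
    fixed = FIXED.get(parsed[0])
    # Assumption: major lines the advisory does not mention count as fixed
    # only when they are newer than 2.x.
    return parsed[0] > 2 if fixed is None else parsed >= fixed

def handler_references(root: Path):
    """Yield (path, line_number) for each source or config line naming the handler."""
    for path in sorted(root.rglob("*")):
        if path.suffix not in SCANNED or not path.is_file():
            continue
        for no, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            if HANDLER in line:
                yield path, no

def assess(root: Path, tika_version: str) -> str:
    """Classify a project tree as 'fixed', 'exposed' or 'not-using-handler'."""
    if is_fixed(tika_version):
        return "fixed"
    return "exposed" if any(handler_references(root)) else "not-using-handler"

def demo(tika_version: str = "1.28.2") -> str:
    """Run the check on a constructed one-file project (sample input, not real code)."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "Extract.java").write_text(f"handler = new {HANDLER}(inner, metadata);\n")
        return assess(Path(d), tika_version)

if __name__ == "__main__":
    print(demo())
```

A text match only finds direct references; a handler selected through reflection or a string built at runtime would not be found this way.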