CVE-2018-11762
CVSS v3.0
5.9 (Medium)
CVSS v2.0
5.8 (Medium)
EPSS
0.10 % (43th)
Affected Products
1
Advisories
1
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.
Weaknesses
- CWE-22
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CVE Status
- PUBLISHED
- CNA
- Apache Software Foundation
- Published Date
-
2018-09-19 14:29:00
(6 years ago) - Updated Date
-
2023-11-07 02:51:45
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...