CVE-2018-11762

CVSS v3.0 5.9 (Medium)

CVSS v2.0 5.8 (Medium)

EPSS 0.10 % (43^th)

Affected Products 1

Advisories 1

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.

Weaknesses

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2018-09-19 14:29:00
(6 years ago)
Updated Date: 2023-11-07 02:51:45
(10 months ago)

Affected Products

Apache

Tika

Configuration #1

		CPE23	From	Up To
	Apache Tika from 0.9 version and 1.18 and prior versions	cpe:2.3:a:apache:tika	>= 0.9	<= 1.18