CVE-2022-30126

CVSS v3.1 5.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.09 % (40^th)

Affected Products 2

Advisories 3

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0

Weaknesses

CWE-NVD-Other

Related CVEs

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2022-05-16 17:15:09
(2 years ago)
Updated Date: 2022-10-19 13:39:55
(23 months ago)

Affected Products

Apache

Tika

Oracle

Primavera Unifier

Configuration #1

		CPE23	From	Up To
	Apache Tika prior 1.28.3 version	cpe:2.3:a:apache:tika		< 1.28.3
	Apache Tika from 2.0.0 version and prior 2.4.0 version	cpe:2.3:a:apache:tika	>= 2.0.0	< 2.4.0

Configuration #2

	CPE23	From	Up To
Oracle Primavera Unifier from 17.7 version and 17.12 and prior versions	cpe:2.3:a:oracle:primavera_unifier	>= 17.7	<= 17.12
Oracle Primavera Unifier 18.8	cpe:2.3:a:oracle:primavera_unifier:18.8
Oracle Primavera Unifier 19.12	cpe:2.3:a:oracle:primavera_unifier:19.12
Oracle Primavera Unifier 20.12	cpe:2.3:a:oracle:primavera_unifier:20.12
Oracle Primavera Unifier 21.12	cpe:2.3:a:oracle:primavera_unifier:21.12