[MAVEN:GHSA-QW3F-W4PF-JH5F] Regular expression denial of service in apache tika
Severity
Moderate
Affected Packages
1
Fixed Packages
1
CVEs
1
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.
| Package | Affected Version |
|---|---|
 pkg:maven/org.apache.tika/tika-core
|
>= 1.17, < 1.28.3 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.apache.tika/tika-core
|
= 1.28.3 |
- ID
- MAVEN:GHSA-QW3F-W4PF-JH5F
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-qw3f-w4pf-jh5f
- Published
-
2022-06-01T00:00:36
(2 years ago) - Modified
-
2023-08-24T20:25:40
(13 months ago) - Rights
- Maven Security Team
- Other Advisories
SUSE-SU-2022:3310-1| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |