org.apache.tika:tika-core@1.16 vulnerabilities
-
latest version
2.9.1
-
latest non vulnerable version
-
first published
15 years ago
-
latest version published
5 months ago
-
licenses detected
- [0.4,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.tika:tika-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.tika:tika-core is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to incomplete fix of CVE-2022-30126 and CVE-2022-30973 for regexes in the How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
[,1.28.4)
[2.0.0-ALPHA,2.4.1)
|
org.apache.tika:tika-core is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the Note: This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
[,1.28.3)
|
org.apache.tika:tika-core is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via a specially crafted file, when being parsed by the Note:
This only affects users who are running the How to fix Regular Expression Denial of Service (ReDoS)? Upgrade |
[,1.28.3)
[2.0.0-ALPHA,2.4.0)
|
org.apache.tika:tika-core is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Affected versions of this package are vulnerable to Denial of Service (DoS) due to a carefully crafted or corrupt zip file. How to fix Denial of Service (DoS)? Upgrade |
[1.7,1.22)
|
org.apache.tika:tika-core is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Affected versions of this package are vulnerable to Stack Overflow due to a carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file. How to fix Stack Overflow? Upgrade |
[1.7,1.22)
|
org.apache.tika:tika-core is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. An sqlite file that is carefully crafted or corrupted can cause an infinite loop in Apache Tika's SQLite3Parser. How to fix Denial of Service (DoS)? Upgrade |
[1.8,1.20)
|
org.apache.tika:tika-core is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection attacks. Under certain circumstances, the entity expansion limit might be removed during XML parsing. How to fix XML External Entity (XXE) Injection? Upgrade |
[0.4,1.19.1)
|
org.apache.tika:tika-core is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. The XML parsers were not configured to limit entity expansion. How to fix XML External Entity (XXE) Injection? Upgrade |
[1.0,1.19)
|
org.apache.tika:tika-core is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Affected versions of this package are vulnerable to Arbitrary Command Injection. Clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running to the tika-server. How to fix Arbitrary Command Injection? Upgrade |
[,1.18)
|