Arbitrary Code Execution Affecting org.apache.tika:tika-parsers Open this link in a new tab package, versions [1.6,1.14)


0.0
critical
  • Attack Complexity

    Low

  • Confidentiality

    High

  • Integrity

    High

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGAPACHETIKA-30817

  • published

    14 Nov 2016

  • disclosed

    14 Nov 2016

  • credit

    Pierre Ernst

Overview

org.apache.tika:tika-parsers Affected versions of the package are vulnerable to Arbitrary Code Execution. Apache Tika wraps the jmatio parser to handle MATLAB files. The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized.

References