GHSA-6q8v-2hvm-fx37

Source

https://github.com/advisories/GHSA-6q8v-2hvm-fx37

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-6q8v-2hvm-fx37/GHSA-6q8v-2hvm-fx37.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6q8v-2hvm-fx37

Aliases

CVE-2022-33879

Published

2022-06-28T00:00:41Z

Modified

2024-12-08T05:25:29.838246Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Apache Tika contains incomplete fix for regex DoS

Details

The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.

Database specific

{
    "nvd_published_at": "2022-06-27T22:15:00Z",
    "cwe_ids": [],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-08T19:20:51Z"
}

References

Affected packages

Maven / org.apache.tika:tika

Package

Name: org.apache.tika:tika; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tika/tika

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.28.4

Affected versions

0.*

0.2

0.3

1.*

1.6

1.7

1.8

1.9

1.10

1.11

1.12

1.13

1.14

1.15

1.16

1.17

1.18

1.19

1.19.1

1.20

1.21

1.22

1.23

1.24

1.24.1

1.25

1.26

1.27

1.28

1.28.1

1.28.2

1.28.3

Maven / org.apache.tika:tika

Package

Name: org.apache.tika:tika; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tika/tika

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.4.1

Affected versions

2.*

2.0.0

2.1.0

2.2.0

2.2.1

2.3.0

2.4.0