GHSA-j8g6-2wh7-6439

Source

https://github.com/advisories/GHSA-j8g6-2wh7-6439

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-j8g6-2wh7-6439/GHSA-j8g6-2wh7-6439.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-j8g6-2wh7-6439

Aliases

CVE-2016-6809

Published

2018-10-17T15:44:36Z

Modified

2024-04-12T21:46:00.628890Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Apache Tika allows Java code execution for serialized objects embedded in MATLAB files

Details

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

Database specific

{
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-502"
    ],
    "nvd_published_at": null,
    "github_reviewed_at": "2020-06-16T21:42:46Z"
}

References

Affected packages

Maven / org.apache.tika:tika-core

Package

Name: org.apache.tika:tika-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tika/tika-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14

Affected versions

0.*

0.4

0.5

0.6

0.7

0.8

0.9

0.10

1.*

1.0

1.1

1.2

1.3

1.4

1.5

1.6

1.7

1.8

1.9

1.10

1.11

1.12

1.13