GHSA-rpjm-422r-95mh

Suggest an improvement
Source
https://github.com/advisories/GHSA-rpjm-422r-95mh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rpjm-422r-95mh/GHSA-rpjm-422r-95mh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rpjm-422r-95mh
Aliases
Published
2022-05-17T00:00:37Z
Modified
2024-02-16T08:23:23.019333Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Regular expression denial of service in apache tika
Details

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler.

This was originally fixed in 1.28.2 and 2.4.0. While the fix in version 2.4.0 was complete, the fix for the 1.x branch wasn't incorporated until version 1.28.3. Please see GHSA-qw3f-w4pf-jh5f for more information.

Database specific
{
    "nvd_published_at": "2022-05-16T17:15:00Z",
    "cwe_ids": [
        "CWE-1333"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-25T19:29:25Z"
}
References

Affected packages

Maven / org.apache.tika:tika

Package

Name
org.apache.tika:tika
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tika/tika

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.17
Fixed
1.28.2

Affected versions

1.*

1.17
1.18
1.19
1.19.1
1.20
1.21
1.22
1.23
1.24
1.24.1
1.25
1.26
1.27
1.28
1.28.1

Maven / org.apache.tika:tika

Package

Name
org.apache.tika:tika
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tika/tika

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.4.0

Affected versions

2.*

2.0.0
2.1.0
2.2.0
2.2.1
2.3.0