Vulnerability in Apache Tika
CVE-2019-10088
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.
EPSS: 0.010 (77.2th percentile) — read the EPSS interpretation.
Affected products
- Apache Tika — versions 1.7 to 1.21
References
- lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e… (x_refsource_CONFIRM)
- [tika-dev] 20190809 security fixes for CVE-2019-10088 and CVE-2019-1009{3,4} (mailing-list, x_refsource_MLIST)
- [tika-dev] 20190812 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4} (mailing-list, x_refsource_MLIST)
- [tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4} (mailing-list, x_refsource_MLIST)
- security.netapp.com/advisory/ntap-20190828-0004/ (x_refsource_CONFIRM)
- www.oracle.com/security-alerts/cpujan2020.html (x_refsource_MISC)
- [lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 (mailing-list, x_refsource_MLIST)
- www.oracle.com/security-alerts/cpuapr2020.html (x_refsource_MISC)