14 matches found
EUVD-2022-5964
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-30973
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by...
SUSE CVE-2022-30973
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...
SUSE-SU-2022:3311-1 Security update for tika-core
This update for tika-core fixes the following issues: - CVE-2022-33879: Regular Expression Denial of Service in StandardsExtractingContentHandler (bsc#1201217) - CVE-2022-30973, CVE-2022-30126: Regular Expression Denial of Service in Standards Extractor (bsc#1199604, bsc#1200283)...
SUSE-SU-2022:3310-1 Security update for tika-core
This update for tika-core fixes the following issues: - CVE-2022-33879: Incomplete fix and new regex DoS in StandardsExtractingContentHandler. (bsc#1201217) - CVE-2022-30973, CVE-2022-30126: Regular Expression Denial of Service in Standards Extractor. (bsc#1199604, bsc#1200283)...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tika
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Tika. Vulnerability Details: CVEID: CVE-2022-30126. DESCRIPTION: Apache Tika is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the StandardsText class i...
Regular Expression Denial Of Service (ReDoS)
org.apache.tika:tika is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker is able to cause denial of service conditions for users who are running the StandardsExtractingContentHandler component, due to an insecure regular expression usage in setThreshold function by...
Apache Tika contains incomplete fix for regex DoS
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1...
Design/Logic Flaw
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1...
ai.konduit.serving:konduit-serving-cli (=0.1.0), ai.konduit.serving:konduit-serving-distro-bom (=0.1.0) +1594 more potentially affected by CVE-2022-30973 via org.apache.tika:tika-core (>=1.17 <=1.28.2)
org.apache.tika:tika-core MAVEN version =1.17, =4.1.3, =3.1.1, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.2.7, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.1.2, =4.4.0-beta.7 and more Source cves: CVE-2022-30973 Source advisory: OSV:GHSA-QW3F-W4PF-JH5F...
CVE-2022-30973
creationtimestamp | type | source
---|---|---
2022-05-31 18:18:50+00:00 | seen | https://t.me/cibsecurity/43564
2022-06-28 02:35:07+00:00 | seen | https://t.me/cibsecurity/45253
...
CVE-2022-30973
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...
CVE-2022-30973
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...
CVE-2022-30973
Apache Tika's ReDoS vulnerability (CVE-2022-30973) arises from a regex in StandardsText used by StandardsExtractingContentHandler. Affected: 1.x branch, specifically the 1.28.2 release; impact is denial of service via backtracking on crafted files. The issue is limited to users running the Standa...