4 matches found
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to publicly disclosed vulnerabilities from Apache Tika (CVE-2018-11761, CVE-2018-11762, CVE-2018-8017, CVE-2018-11796)
Summary Open source Apache Tika as used in IBM QRadar Incident Forensics is affected by multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-11761 Description: Apache Tika is vulnerable to a denial of service, caused by the failure to configure XML parsers to limit entity expansion. A...
ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), au.com.turingg:turingg-files (=0.0.1) +1046 more potentially affected by CVE-2018-11762 via org.apache.tika:tika-core (>=0.9 <=1.18)
org.apache.tika:tika-core MAVEN version =0.9, =1.0.0, =1.0.68, =3.6.1, =3.11.0, =1.0.0, =4.6.0, =1.0.12, =18.1.1, =0.1, =0.2.4 and more Source cves: CVE-2018-11762 Source advisory: OSV:GHSA-W6G3-V46Q-5P28...
CVE-2018-11762
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
CVE-2018-11762
CVE-2018-11762 affects Apache Tika 0.9–1.18. In the rare case where no extract directory is specified on the command line and an embedded file has an absolute path (e.g., C:/evil.bat), tika-app could overwrite that file. The issue is a path handling/Zip extraction edge case; impact is potential a...