3 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-11796
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Tika 1.19 CVE-2018-11761, we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset after each parse, which,...
Important: Red Hat Security Advisory: Red Hat Fuse 7.5.0 security update
A minor version update from 7.4 to 7.5 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
CVE-2018-11796
In Apache Tika 1.19 CVE-2018-11761, we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after...