10 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-11762
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an...
CVE-2025-48387 tar-fs has issue where extract can write outside the specified dir with a specific tarball
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore n...
SUSE CVE-2018-11762
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
Moderate severity vulnerability that affects org.apache.tika:tika-core
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
GHSA-W6G3-V46Q-5P28 Moderate severity vulnerability that affects org.apache.tika:tika-core
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
Arbitrary File Overwrite
Apache tika-app is vulnerable to arbitrary file overwrite. An input file that has an embedded file containing an absolute path such as C:/evil.dll will cause the application to overwrite the file when the extract directory tag --extract-dir= is not specified on the commandline...
Path traversal
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
CVE-2018-11762
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
DEBIAN-CVE-2018-11762
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
UBUNTU-CVE-2018-11762
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...