2 matches found
PT-2025-49099
Name of the Vulnerable Software and Affected Versions tika-core versions 1.13 through 3.2.1 tika-parser-pdf-module versions 2.0.0 through 3.2.1 tika-parsers versions 1.13 through 1.28.5 Description Apache Tika incorrectly handles XML external entities when parsing XFA XML Forms Architecture conte...
GHSA-P72G-PV48-7W9X Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF
Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...