CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS2: 2.6 Low
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P

EPSS: 0.0004 Low
Percentile: 8.0%

org.apache.tika:tika is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker can cause a denial of service for users running the StandardsExtractingContentHandler, due to insecure regular expression usage in the StandardsText class, which backtracks on a specially crafted file. This resolves an incomplete fix for the 1.x branch in CVE-2022-30126.

Name | Operator | Version |
---|---|---|
apache tika core | le | 1.28.2 |
apache tika core | le | 2.3.0 |

www.openwall.com/lists/oss-security/2022/05/31/2
www.openwall.com/lists/oss-security/2022/06/27/5
github.com/apache/tika/commit/83b0de4d60161ebd4bc224141a959ac8c18d95f4
github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265
lists.apache.org/thread/gqvb5t4p7tmdpl0y5bdbf72pgxj04h7p
sca.analysiscenter.veracode.com/vulnerability-database/security/denial-of-service-dos-/java/sid-35567
security.netapp.com/advisory/ntap-20220722-0004/