High severityNVD Advisory· Published Aug 2, 2019· Updated Aug 4, 2024
CVE-2019-10094
CVE-2019-10094
Description
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tika:tika-coreMaven | >= 1.7, < 1.22 | 1.22 |
Affected products
47- ghsa-coords46 versionspkg:maven/org.apache.tika/tika-corepkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/cpu-mitigations-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/patterns-suse-manager&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/pgjdbc-ng&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/pgjdbc-ng&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/prometheus-exporters-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/pxe-default-image-sle15&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/python-susemanager-retail&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/python-urlgrabber&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-admin&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-branding&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-branding&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-config&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-setup&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-setup&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/tika-core&distro=SUSE%20Manager%20Server%203.2pkg:rpm/suse/tika-core&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/virtual-host-gatherer&distro=SUSE%20Manager%20Server%20Module%204.0
>= 1.7, < 1.22+ 45 more
- (no CPE)range: >= 1.7, < 1.22
- (no CPE)range: < 2.6.6-6.22.1
- (no CPE)range: < 3.0.0+git20190806.32c4bae0-7.3.7
- (no CPE)range: < 0.1-4.6.7
- (no CPE)range: < 4.0.10-3.6.8
- (no CPE)range: < 4.0-9.3.8
- (no CPE)range: < 0.7.1-2.6.1
- (no CPE)range: < 0.7.1-3.3.8
- (no CPE)range: < 0.4-3.3.7
- (no CPE)range: < 4.0.0-20191106084601
- (no CPE)range: < 2016.11.10-6.32.1
- (no CPE)range: < 2016.11.10-10.8.8
- (no CPE)range: < 1.0.1568808472.be9f236-3.6.7
- (no CPE)range: < 3.10.2.1py2_3-6.22.6
- (no CPE)range: < 2.8.25.11-3.23.1
- (no CPE)range: < 4.0.16-3.6.7
- (no CPE)range: < 4.0.8-3.3.8
- (no CPE)range: < 2.8.57.19-3.39.2
- (no CPE)range: < 4.0.27-3.13.9
- (no CPE)range: < 2.8.5.16-3.22.1
- (no CPE)range: < 4.0.14-3.6.8
- (no CPE)range: < 4.0.12-3.6.8
- (no CPE)range: < 2.8.22.5-3.6.1
- (no CPE)range: < 4.0.10-3.6.8
- (no CPE)range: < 4.0.13-3.3.7
- (no CPE)range: < 2.8.78.24-3.38.1
- (no CPE)range: < 4.0.25-3.10.5
- (no CPE)range: < 2.8.7.8-3.19.1
- (no CPE)range: < 4.0.11-3.6.7
- (no CPE)range: < 2.8.18.5-3.9.1
- (no CPE)range: < 4.0.13-3.6.8
- (no CPE)range: < 2.8.7.19-3.36.1
- (no CPE)range: < 4.0.16-3.9.8
- (no CPE)range: < 3.2.20-3.31.2
- (no CPE)range: < 4.0.17-3.6.9
- (no CPE)range: < 4.0-10.9.8
- (no CPE)range: < 3.2-11.32.1
- (no CPE)range: < 4.0-10.9.7
- (no CPE)range: < 3.2.21-3.31.1
- (no CPE)range: < 4.0.16-3.8.5
- (no CPE)range: < 3.2.27-3.35.1
- (no CPE)range: < 4.0.22-3.10.4
- (no CPE)range: < 4.0.13-3.6.7
- (no CPE)range: < 1.22-3.9.1
- (no CPE)range: < 1.22-3.3.7
- (no CPE)range: < 1.0.19-3.3.8
Patches
Vulnerability mechanics
References
14- github.com/advisories/GHSA-mm7m-xg4h-6m52ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10094ghsaADVISORY
- lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3EghsaWEB
- lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3EghsaWEB
- lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3EghsaWEB
- lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61%40%3Cdev.tika.apache.org%3Emitrex_refsource_CONFIRM
- lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3EghsaWEB
- www.oracle.com/security-alerts/cpuapr2020.htmlghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpujan2020.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.