VYPR
Moderate severityNVD Advisory· Published May 16, 2022· Updated Aug 3, 2024

Apache Tika Regular Expression Denial of Service in Standards Extractor

CVE-2022-30126

Description

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tika:tika-coreMaven
>= 1.17, < 1.28.21.28.2
org.apache.tika:tika-coreMaven
>= 2.0.0, < 2.4.02.4.0

Affected products

4

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.