Moderate severityNVD Advisory· Published May 16, 2022· Updated Aug 3, 2024
Apache Tika Regular Expression Denial of Service in Standards Extractor
CVE-2022-30126
Description
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tika:tika-coreMaven | >= 1.17, < 1.28.2 | 1.28.2 |
org.apache.tika:tika-coreMaven | >= 2.0.0, < 2.4.0 | 2.4.0 |
Affected products
4- ghsa-coords3 versionspkg:maven/org.apache.tika/tika-corepkg:rpm/suse/tika-core&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/tika-core&distro=SUSE%20Manager%20Server%20Module%204.2
>= 1.17, < 1.28.2+ 2 more
- (no CPE)range: >= 1.17, < 1.28.2
- (no CPE)range: < 1.26-150200.3.8.1
- (no CPE)range: < 1.26-150300.4.3.1
Patches
Vulnerability mechanics
References
13- github.com/advisories/GHSA-qw3f-w4pf-jh5fghsaADVISORY
- github.com/advisories/GHSA-rpjm-422r-95mhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-30126ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/05/16/3ghsamailing-listx_refsource_MLISTWEB
- www.openwall.com/lists/oss-security/2022/05/31/2ghsamailing-listx_refsource_MLISTWEB
- www.openwall.com/lists/oss-security/2022/06/27/5ghsamailing-listx_refsource_MLISTWEB
- github.com/apache/tika/commit/83b0de4d60161ebd4bc224141a959ac8c18d95f4ghsaWEB
- github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265ghsaWEB
- github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51ghsaWEB
- lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4ghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20220624-0004ghsaWEB
- security.netapp.com/advisory/ntap-20220624-0004/mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpujul2022.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.