Moderate severityNVD Advisory· Published May 31, 2022· Updated Aug 3, 2024
Missing fix for CVE-2022-30126 in 1.28.2
CVE-2022-30973
Description
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tika:tika-coreMaven | >= 1.17, < 1.28.3 | 1.28.3 |
Affected products
4- ghsa-coords3 versionspkg:maven/org.apache.tika/tika-corepkg:rpm/suse/tika-core&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/tika-core&distro=SUSE%20Manager%20Server%20Module%204.2
>= 1.17, < 1.28.3+ 2 more
- (no CPE)range: >= 1.17, < 1.28.3
- (no CPE)range: < 1.26-150200.3.8.1
- (no CPE)range: < 1.26-150300.4.3.1
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-qw3f-w4pf-jh5fghsaADVISORY
- github.com/advisories/GHSA-rpjm-422r-95mhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-30973ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/05/31/2ghsamailing-listx_refsource_MLISTWEB
- www.openwall.com/lists/oss-security/2022/06/27/5ghsamailing-listx_refsource_MLISTWEB
- github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265ghsaWEB
- github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51ghsaWEB
- lists.apache.org/thread/gqvb5t4p7tmdpl0y5bdbf72pgxj04h7pghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20220722-0004ghsaWEB
- security.netapp.com/advisory/ntap-20220722-0004/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.