VYPR

apk package

chainguard/apache-tika-2.9-compat

pkg:apk/chainguard/apache-tika-2.9-compat

Vulnerabilities (5)

  • CVE-2025-66516Dec 4, 2025
    affected < 2.9.4-r5fixed 2.9.4-r5

    Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability

  • CVE-2025-48795Jul 15, 2025
    affected < 2.9.4-r3fixed 2.9.4-r3

    Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing

  • CVE-2025-48924Jul 11, 2025
    affected < 2.9.4-r1fixed 2.9.4-r1

    Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowErr

  • CVE-2025-23184Jan 21, 2025
    affected < 2.9.2-r5fixed 2.9.2-r5

    A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and client

  • CVE-2024-8184Oct 14, 2024
    affected < 2.9.2-r1fixed 2.9.2-r1

    There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's