VYPR

apk package

wolfi/apache-tika-3.0-compat

pkg:apk/wolfi/apache-tika-3.0-compat

Vulnerabilities (5)

  • CVE-2025-68161Dec 18, 2025
    affected < 3.0.0-r20fixed 3.0.0-r20

    The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName co

  • CVE-2025-66516Dec 4, 2025
    affected < 3.0.0-r18fixed 3.0.0-r18

    Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability

  • CVE-2025-48795Jul 15, 2025
    affected < 3.0.0-r16fixed 3.0.0-r16

    Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing

  • CVE-2025-48924Jul 11, 2025
    affected < 3.0.0-r14fixed 3.0.0-r14

    Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowErr

  • CVE-2025-23184Jan 21, 2025
    affected < 3.0.0-r9fixed 3.0.0-r9

    A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and client