CVE-2019-10093

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10093

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10093.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-10093

Aliases

GHSA-4mq5-mj59-qq9c

Related

Published

2019-08-02T19:15:11Z

Modified

2025-01-08T05:35:37.492835Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.

References

Affected packages

Debian:11 / tika

Package

Name: tika
Purl: pkg:deb/debian/tika?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.22-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/tika

Affected ranges

Type: GIT
Repo: https://github.com/apache/tika
Events: Introduced

199112bde63e64af3de7ec8c98475907e7513128

Last affected

7d4dd43eb40a500663b2bdd38f0a9ccb0569c1d7

Affected versions

1.*

1.19

1.19.1

1.19.1-rc1

1.20

1.21