CVE-2016-6809 org.apache.tika:tika-core

Package

Manager: maven
Name: org.apache.tika:tika-core
Vulnerable Version: >=0 <1.14

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.09274 (percentile: 0.92432)

Details

Apache Tika allows Java code execution for serialized objects embedded in MATLAB files

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

Metadata

Created: 2018-10-17T15:44:36Z
Modified: 2024-04-12T21:33:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-j8g6-2wh7-6439/GHSA-j8g6-2wh7-6439.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-j8g6-2wh7-6439
Finding: F096
Auto approve: 1