CVE-2019-10093 – org.apache.tika:tika-parsers
Package
Manager: maven
Name: org.apache.tika:tika-parsers
Vulnerable Version: >=1.19 <1.22
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01451 (percentile: 0.80041)
Details
Allocation of Resources Without Limits or Throttling in Apache Tika
In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.
Metadata
Created: 2019-08-06T01:43:38Z
Modified: 2021-05-05T22:55:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-4mq5-mj59-qq9c/GHSA-4mq5-mj59-qq9c.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-4mq5-mj59-qq9c
Finding: F067
Auto approve: 1