GHSA-567x-m4wm-87v8

Опубликовано: 10 мая 2021

Источник: github

Github: Прошло ревью

CVSS3: 5.5

Описание

Infinite loop in Apache Tika

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

Ссылки

Пакеты

Наименование

org.apache.tika:tika

maven

Затронутые версииВерсия исправления

< 1.25

1.26

EPSS

Процентиль: 45%

0.00221

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2021-28657

Дефекты

CWE-400

CWE-835

Связанные уязвимости

CVE-2021-28657

CVSS3: 5.5

ubuntu

почти 5 лет назад

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

CVE-2021-28657

CVSS3: 5.5

redhat

почти 5 лет назад

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

CVE-2021-28657

CVSS3: 5.5

nvd

почти 5 лет назад

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

CVE-2021-28657

CVSS3: 5.5

debian

почти 5 лет назад

A carefully crafted or corrupt file may trigger an infinite loop in Ti ...

EPSS

Процентиль: 45%

0.00221

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2021-28657

Дефекты

CWE-400

CWE-835