GHSA-p699-3wgc-7h72

Опубликовано: 17 окт. 2018

Источник: github

Github: Прошло ревью

CVSS3: 5.5

Описание

org.apache.tika:tika-parsers has an Infinite Loop vulnerability

Versions of the package org.apache.tika:tika-parsers before version 1.18 are vulnerable to Denial of Service (DoS) via a carefully crafted (or fuzzed) file that can trigger an infinite loop via the ChmParser.

Ссылки

Пакеты

Наименование

org.apache.tika:tika-parsers

maven

Затронутые версииВерсия исправления

< 1.18

1.18

EPSS

Процентиль: 89%

0.04517

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2018-1339

Дефекты

CWE-835

Связанные уязвимости

CVE-2018-1339

CVSS3: 5.5

ubuntu

почти 8 лет назад

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

CVE-2018-1339

CVSS3: 6.5

redhat

почти 8 лет назад

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

CVE-2018-1339

CVSS3: 5.5

nvd

почти 8 лет назад

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

CVE-2018-1339

CVSS3: 5.5

debian

почти 8 лет назад

A carefully crafted (or fuzzed) file can trigger an infinite loop in A ...

EPSS

Процентиль: 89%

0.04517

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2018-1339

Дефекты

CWE-835