Описание
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.28.4 (исключая)Версия от 2.0.0 (включая) до 2.4.1 (исключая)
Одно из
cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.00031
Низкий
3.3 Low
CVSS3
2.6 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 3.3
ubuntu
больше 3 лет назад
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
CVSS3: 3.3
debian
больше 3 лет назад
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in ...
CVSS3: 3.3
github
больше 3 лет назад
Apache Tika contains incomplete fix for regex DoS
EPSS
Процентиль: 8%
0.00031
Низкий
3.3 Low
CVSS3
2.6 Low
CVSS2
Дефекты
NVD-CWE-Other