CVE-2022-30973

Published: 31 May 2022
Source: redhat
CVSS3: 3.1

Description

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat BPM Suite 6 | tika-core | Out of support scope | | |
| Red Hat build of Quarkus | tika-core | Not affected | | |
| Red Hat Fuse 7 | tika-core | Fix deferred | | |
| Red Hat Integration Camel Quarkus 1 | tika-core | Fix deferred | | |
| Red Hat JBoss BRMS 5 | tika-core | Out of support scope | | |
| Red Hat JBoss BRMS 6 | tika-core | Out of support scope | | |
| Red Hat JBoss Data Virtualization 6 | tika-core | Out of support scope | | |
| Red Hat JBoss Fuse 6 | tika-core | Out of support scope | | |
| Red Hat JBoss Fuse Service Works 6 | tika-core | Out of support scope | | |
| RHINT Camel-K 1.8.1 | tika-core | Fixed | RHSA-2022:7257 | 27.10.2022 |

Additional information

Status: Low
Defect: CWE-1333
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2099553 (tika-core: incomplete fix for CVE-2022-30126)

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 3 years ago

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.

CVSS3: 5.5
nvd
more than 3 years ago

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.

CVSS3: 5.5
debian
more than 3 years ago

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the ...

CVSS3: 5.5
github
more than 3 years ago

Regular expression denial of service in Apache Tika
