Vulnerabilities > CVE-2022-30973 - Unspecified vulnerability in Apache Tika

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

apache

NVD

Published: 2022-05-31

Updated: 2022-10-27

Summary

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Tika 0.1 Apache Tika 0.2 Apache Tika 0.3 Apache Tika 0.4 Apache Tika 0.5 Apache Tika 0.6 Apache Tika 0.7 Apache Tika 0.8 Apache Tika 0.9 Apache Tika 0.10 Apache Tika 1.0 Apache Tika 1.1 Apache Tika 1.2 Apache Tika 1.3 Apache Tika 1.4 Apache Tika 1.5 Apache Tika 1.6 Apache Tika 1.7 Apache Tika 1.8 Apache Tika 1.9 Apache Tika 1.10 Apache Tika 1.11 Apache Tika 1.12 Apache Tika 1.13 Apache Tika 1.14 Apache Tika 1.15 Apache Tika 1.16 Apache Tika 1.17 Apache Tika 1.18 Apache Tika 1.19 Apache Tika 1.19.1 Apache Tika 1.20 Apache Tika 1.21 Apache Tika 1.22 Apache Tika 1.23 Apache Tika 1.24 Apache Tika 1.24.1 Apache Tika 1.25 Apache Tika 1.26 Apache Tika 1.27 Apache Tika 1.28 Apache Tika 1.28.1 Apache Tika 1.28.2	43

Summary

Vulnerable Configurations

References