Vulnerabilities > Apache > Tika > 1.11

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-10-09 | CVE-2018-11796 | XXE vulnerability in Apache Tika | In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. | network | low complexity | apache | CWE-611 | 7.5 |
| 2018-09-19 | CVE-2018-8017 | Infinite Loop vulnerability in Apache Tika | In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. | local | low complexity | apache | CWE-835 | 5.5 |
| 2018-09-19 | CVE-2018-11762 | Path Traversal vulnerability in Apache Tika | In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. | network | high complexity | apache | CWE-22 | 5.9 |
| 2018-09-19 | CVE-2018-11761 | XXE vulnerability in multiple products | In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. | network | low complexity | apache, oracle | CWE-611 | 7.5 |
| 2018-04-25 | CVE-2018-1339 | Infinite Loop vulnerability in Apache Tika | A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18. | local | low complexity | apache | CWE-835 | 5.5 |
| 2018-04-25 | CVE-2018-1338 | Infinite Loop vulnerability in Apache Tika | A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. | local | low complexity | apache | CWE-835 | 5.5 |
| 2018-04-25 | CVE-2018-1335 | Unspecified vulnerability in Apache Tika | From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. | network | high complexity | apache | | 8.1 |
| 2017-04-06 | CVE-2016-6809 | Deserialization of Untrusted Data vulnerability in Apache Nutch and Tika | Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. | network | low complexity | apache | CWE-502 | critical 9.8 |