Vulnerabilities > Apache > Tika
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2019-10093 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tika In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. | 6.5 |
| 2019-08-02 | CVE-2019-10088 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tika A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. | 8.8 |
| 2018-12-24 | CVE-2018-17197 | Infinite Loop vulnerability in Apache Tika A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. | 6.5 |
| 2018-10-09 | CVE-2018-11796 | XXE vulnerability in Apache Tika In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. | 7.5 |
| 2018-09-19 | CVE-2018-8017 | Infinite Loop vulnerability in Apache Tika In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. | 5.5 |
| 2018-09-19 | CVE-2018-11762 | Path Traversal vulnerability in Apache Tika In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. | 5.9 |
| 2018-09-19 | CVE-2018-11761 | XXE vulnerability in multiple products In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. | 7.5 |
| 2018-04-25 | CVE-2018-1339 | Infinite Loop vulnerability in Apache Tika A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18. | 5.5 |
| 2018-04-25 | CVE-2018-1338 | Infinite Loop vulnerability in Apache Tika A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. | 5.5 |
| 2018-04-25 | CVE-2018-1335 | Unspecified vulnerability in Apache Tika From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. | 8.1 |