Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2N3gtbTR3bS04N3Y4
Infinite loop in Apache Tika
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Permalink: https://github.com/advisories/GHSA-567x-m4wm-87v8JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2N3gtbTR3bS04N3Y4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: about 1 year ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Identifiers: GHSA-567x-m4wm-87v8, CVE-2021-28657
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-28657
- https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
- https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210507-0004/
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://github.com/advisories/GHSA-567x-m4wm-87v8
Affected Packages
maven:org.apache.tika:tika
Dependent packages: 1Dependent repositories: 56
Downloads:
Affected Version Ranges: < 1.25
Fixed in: 1.26
All affected versions: 1.19.1, 1.24.1
All unaffected versions: 1.28.1, 1.28.2, 1.28.3, 1.28.4, 1.28.5, 2.0.0, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.9.1, 2.9.2