CVE-2018-11761
published 2018-09-19CVE-2018-11761: In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability…
high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tika | — | — |
| apache | tika | >= 0 < 1.20-1 | 1.20-1 |
| apache | tika | 0.1 – 1.18 | — |
| apache | tika | 0.1 – 1.19 | — |
| apache_software_foundation | apache_tika | — | — |
| debian | tika | < tika 1.20-1 (bullseye) | tika 1.20-1 (bullseye) |
| debian | tika | — | — |
| oracle | business_process_management_suite | — | — |
| oracle | business_process_management_suite | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa7.5HIGH
osv7.5HIGH