CVE-2019-10093

CWE-770 — Allocation without Limits8 documents7 sources

Severity

6.5MEDIUM

EPSS

1.5%

top 19.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tika Apache Apache Tika

Timeline

PublishedAug 2

Latest updateDec 2

Description

In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶Mavenorg.apache.tika:tika-parsers1.19 — 1.22

▶NVDapache/tika1.19 — 1.21

▶CVEListV5apache/apache_tika1.19 to 1.21

▶Debiantika< 1.22-1

🔴Vulnerability Details

GHSA

Allocation of Resources Without Limits or Throttling in Apache Tika↗2019-08-06

▶

OSV

Allocation of Resources Without Limits or Throttling in Apache Tika↗2019-08-06

▶

CVEList

CVE-2019-10093: In Apache Tika 1↗2019-08-02

▶

OSV

CVE-2019-10093: In Apache Tika 1↗2019-08-02

▶

📋Vendor Advisories

Debian

CVE-2019-10093: tika - In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could con...↗2019

▶

Apache

Apache tika: CVE-2019-10093↗

▶

💬Community

Bugzilla

CVE-2019-10093 tika: arefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to DoS↗2019-12-02

▶