CVE-2021-28657
published 2021-03-31CVE-2021-28657: A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tika | <= 1.25 | — |
| apache | tika | — | — |
| apache_software_foundation | apache_tika | >= Apache Tika < 1.26 | 1.26 |
| debian | tika | — | — |
| oracle | communications_messaging_server | — | — |
| oracle | healthcare_foundation | — | — |
| oracle | healthcare_foundation | — | — |
| oracle | healthcare_foundation | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | 17.7 – 17.12 | — |
| oracle | webcenter_portal | — | — |
| oracle | webcenter_portal | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM