CVE-2022-30126
Published 2022-05-31
Medium, 5.5 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler, could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tika | < 1.28.3 | 1.28.3 |
| apache | tika | < 1.28.4 | 1.28.4 |
| apache | tika | >= 0 < 1.22-1ubuntu0.1~esm1 | 1.22-1ubuntu0.1~esm1 |
| apache | tika | >= 0 < 1.22-2ubuntu0.22.04.1~esm1 | 1.22-2ubuntu0.22.04.1~esm1 |
| apache | tika | >= 2.0.0 < 2.4.1 | 2.4.1 |
| apache | tika | >= 2.0.0 < 2.4.0 | 2.4.0 |
| apache_software_foundation | apache_tika | >= Apache Tika < 2.4.1 | 2.4.1 |
| debian | tika | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | 17.7 – 17.12 | — |
CVSS provenance
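| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| ghsa | — | 5.5 | MEDIUM | — |
| osv | — | 5.5 | MEDIUM | — |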