CVE-2022-30126

CWE-1333 | 15 documents | 8 sources
Severity: 5.5 MEDIUM
EPSS: 1.3% (top 20.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 16 | Latest update May 23

Description

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler, could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

NVD | apache/tika | 2.0.0 | 2.4.0 | +1
Maven | org.apache.tika:tika-core | 1.17 | 1.28.2 | +1
CVEListV5 | apache_software_foundation/apache_tika | Apache Tika | 2.4.1 | +1
Ubuntu | tika | < 1.22-1ubuntu0.1~esm1 | +1
NVD | oracle/primavera_unifier | 17.7 | 17.12 | +4

Vulnerability Details (7)

OSV: tika vulnerabilities (2025-05-23)
GHSA: Apache Tika contains incomplete fix for regex DoS (2022-06-28)
GHSA: Regular expression denial of service in apache tika (2022-06-01)
OSV: Regular expression denial of service in apache tika (2022-05-17)
GHSA: Regular expression denial of service in apache tika (2022-05-17)

Vendor Advisories (7)

Ubuntu: Apache Tika vulnerabilities (2025-05-23)
Oracle: Oracle Communications Applications Risk Matrix: ISC (Apache Tika), CVE-2022-30126 (2023-01-15)
Oracle: Oracle Fusion Middleware Risk Matrix: Security Framework (Apache Tika), CVE-2022-30126 (2022-10-15)
Oracle: Oracle Construction and Engineering Risk Matrix: Document Management (Apache Tika), CVE-2022-30126 (2022-07-15)
Red Hat: tika-core: incomplete fix for CVE-2022-30126 (2022-05-31)