CVE-2022-30973

CWE-1333 | 10 documents | 7 sources
Severity: 5.5 MEDIUM
EPSS: 0.3% (top 47.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 31 | Latest update May 23

Description

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler, could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD | apache/tika | < 1.28.3
Maven | org.apache.tika:tika-core | 1.17 | 1.28.3
CVEListV5 | apache_software_foundation/apache_tika | Apache Tika | 1.28.2
Ubuntu | tika | < 1.22-1ubuntu0.1~esm1+1

🔴 Vulnerability Details (6)

OSV | tika vulnerabilities | 2025-05-23
GHSA | Apache Tika contains incomplete fix for regex DoS | 2022-06-28
OSV | Regular expression denial of service in apache tika | 2022-06-01
GHSA | Regular expression denial of service in apache tika | 2022-06-01
CVEList | Missing fix for CVE-2022-30126 in 1.28.2 | 2022-05-31

📋 Vendor Advisories (3)

Ubuntu | Apache Tika vulnerabilities | 2025-05-23
Red Hat | tika-core: incomplete fix for CVE-2022-30126 | 2022-05-31
Debian | CVE-2022-30973: tika - We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 re... | 2022