oss-sec mailing list archives
CVE-2022-30126: Apache Tika Regular Expression Denial of Service in Standards Extractor
From: Tim Allison <tallison () apache org>
Date: Mon, 16 May 2022 16:45:13 +0000
Severity: low

Description:

A regular expression in our StandardsText class, used by the StandardsExtractingContentHandler, could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0.

Mitigation:

Upgrade to 1.28.2 or 2.4.0

Credit:

This issue was discovered and reported by the CodeQL team members [@atorralba (Tony Torralba)](https://github.com/atorralba) and [@joefarebrother (Joseph Farebrother)](https://github.com/joefarebrother).