CVE-2019-10093

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Tika
Vendor: CVE Published:; 2 August 2019

Summary

In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.

Affected Version(s)

Apache Tika 1.19 to 1.21

References

https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d...

x_refsource_CONFIRM

https://lists.apache.org/thread.html/fb6c84fd387de997e5e3...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/da9ee189d1756f8508d0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 2, 2019
Vulnerability Reserved
Mar 26, 2019