Apache Any23: Possible excessive allocation of resources reading input.
CVE-2023-34150

5.3MEDIUM

Key Information:

Vendor: Apache
Status: Apache Any23
Vendor: CVE Published:; 5 July 2023

Summary

** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.

Affected Version(s)

Apache Any23 0 <= 2.7

References

https://lists.apache.org/thread/713tk23khbtbg940pb2ql8ggd...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 5, 2023
Vulnerability Reserved
May 28, 2023

Credit

Liran Mendelovich

.