[JAMES-2634] Tika 1.19.x is vulnerable to CVE-2017-17197 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.3.0
Component/s: None
Labels:
- documentation
- security

Description

[CVE-2018-17197] Apache Tika Denial of Service – Infinite Loop in Tika's SQLite3Parser

A carefully crafted or corrupt sqlite file can cause an infinite loop
in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.

Thus we should recommend using Tika up version 1.20 in James documentation and rely on this version in our tests.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Benoit Tellier

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 02/Jan/19 04:27

Updated:: 02/Jan/19 10:37

Resolved:: 02/Jan/19 10:37