Lucene search

K

ApacheCVELIST:CVE-2019-10093

HistoryAug 02, 2019 - 6:32 p.m.

CVE-2019-10093

2019-08-0218:32:41

apache

www.cve.org

5

AI Score

6.5

Confidence

High

EPSS

0.005

Percentile

77.0%

In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.

CNA Affected

[
  {
    "product": "Apache Tika",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "1.19 to 1.21"
      }
    ]
  }
]

References

lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21%40%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3E

lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E

security.netapp.com/advisory/ntap-20190828-0004/

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpujan2020.html

AI Score

6.5

Confidence

High

EPSS

0.005

Percentile

77.0%

Related for CVELIST:CVE-2019-10093

github1 osv2 ubuntucve1 veracode1 prion1 openvas1 nvd1 debiancve1 cve1 ibm3 nessus1 oracle2