EPSS
Percentile
66.1%
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
bugzilla.redhat.com/show_bug.cgi?id=1632462
www.cve.org/CVERecord?id=CVE-2018-11761 https://nvd.nist.gov/vuln/detail/CVE-2018-11761