tika-core is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the lack of default limit to the number of entity expansions that could occur, allowing DoS attacks.
www.securityfocus.com/bid/105514
github.com/apache/tika/commit/bd9d75d8b0a85af2937047bfad04288c3044b2a6
lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E
lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html