Apache tika-app is vulnerable to arbitrary file overwrite. An input file that has an embedded file containing an absolute path such as C:/evil.dll
will cause the application to overwrite the file when the extract directory tag --extract-dir=
is not specified on the commandline.