Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tika/tika-server@1.5

Type maven

Namespace org.apache.tika

Name tika-server

Version 1.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.28.4

Latest_non_vulnerable_version 2.4.1

Affected_by_vulnerabilities

url VCID-42ad-sh45-7fev

vulnerability_id VCID-42ad-sh45-7fev

summary

Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28657

reference_id

reference_type

scores

value	0.00221
scoring_system	epss
scoring_elements	0.44847
published_at	2026-06-05T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44778
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20210507-0004

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210507-0004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1944881
reference_id	1944881
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1944881

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
reference_id	986805
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-28657

reference_id

CVE-2021-28657

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-28657

reference_url	https://github.com/advisories/GHSA-567x-m4wm-87v8
reference_id	GHSA-567x-m4wm-87v8
reference_type
scores
url	https://github.com/advisories/GHSA-567x-m4wm-87v8

fixed_packages

url pkg:maven/org.apache.tika/tika-server@1.26

purl pkg:maven/org.apache.tika/tika-server@1.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qc9-3mxe-8ydp

vulnerability	VCID-zj8z-ja31-mkcr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.26

aliases CVE-2021-28657, GHSA-567x-m4wm-87v8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-42ad-sh45-7fev

url VCID-8qc9-3mxe-8ydp

vulnerability_id VCID-8qc9-3mxe-8ydp

summary The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-33879

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07949
published_at	2026-06-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07981
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-33879

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-33879

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-33879

reference_url

https://security.netapp.com/advisory/ntap-20220812-0004

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220812-0004

reference_url	https://security.netapp.com/advisory/ntap-20220812-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220812-0004/

reference_url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
reference_id	1015002
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002

reference_url

https://github.com/advisories/GHSA-6q8v-2hvm-fx37

reference_id

GHSA-6q8v-2hvm-fx37

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6q8v-2hvm-fx37

reference_url	https://usn.ubuntu.com/7529-1/
reference_id	USN-7529-1
reference_type
scores
url	https://usn.ubuntu.com/7529-1/

fixed_packages

url	pkg:maven/org.apache.tika/tika-server@1.28.4
purl	pkg:maven/org.apache.tika/tika-server@1.28.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.28.4

url	pkg:maven/org.apache.tika/tika-server@2.4.1
purl	pkg:maven/org.apache.tika/tika-server@2.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@2.4.1

aliases CVE-2022-33879, GHSA-6q8v-2hvm-fx37

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qc9-3mxe-8ydp

url VCID-hvfw-yh4j-cqfm

vulnerability_id VCID-hvfw-yh4j-cqfm

summary

Exposure of Sensitive Information to an Unauthorized Actor
Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3271

reference_id

reference_type

scores

value	0.01074
scoring_system	epss
scoring_elements	0.78113
published_at	2026-06-04T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.7814
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3271

reference_url

https://github.com/apache/tika

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika

reference_url	https://github.com/apache/tika/commit/98672cdd92b6325ff78c763955a7c045b364095b
reference_id
reference_type
scores
url	https://github.com/apache/tika/commit/98672cdd92b6325ff78c763955a7c045b364095b

reference_url

https://lists.apache.org/thread.html/d2b3e7afb0251fac95fdee9817423cbc91e3d99a848c25a51d91c1e8@1439485507@%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d2b3e7afb0251fac95fdee9817423cbc91e3d99a848c25a51d91c1e8@1439485507@%3Cdev.tika.apache.org%3E

reference_url

https://lists.apache.org/thread.html/d2b3e7afb0251fac95fdee9817423cbc91e3d99a848c25a51d91c1e8%401439485507%40%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d2b3e7afb0251fac95fdee9817423cbc91e3d99a848c25a51d91c1e8%401439485507%40%3Cdev.tika.apache.org%3E

reference_url

http://www.openwall.com/lists/oss-security/2015/08/13/5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/08/13/5

reference_url

http://www.securityfocus.com/bid/95020

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95020

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3271

reference_id

CVE-2015-3271

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3271

reference_url

https://github.com/advisories/GHSA-ccjp-w723-2jf2

reference_id

GHSA-ccjp-w723-2jf2

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-ccjp-w723-2jf2

fixed_packages

url pkg:maven/org.apache.tika/tika-server@1.10

purl pkg:maven/org.apache.tika/tika-server@1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42ad-sh45-7fev

vulnerability	VCID-8qc9-3mxe-8ydp

vulnerability	VCID-uyg4-mswu-s3f5

vulnerability	VCID-zj8z-ja31-mkcr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.10

aliases CVE-2015-3271, GHSA-ccjp-w723-2jf2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hvfw-yh4j-cqfm

url VCID-uyg4-mswu-s3f5

vulnerability_id VCID-uyg4-mswu-s3f5

summary

Code Injection
From Apache Tika, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.

references

reference_url

http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html

reference_url

https://access.redhat.com/errata/RHSA-2019:3140

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3140

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1335.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1335.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1335

reference_id

reference_type

scores

value	0.93876
scoring_system	epss
scoring_elements	0.99881
published_at	2026-06-05T12:55:00Z

value	0.93876
scoring_system	epss
scoring_elements	0.9988
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1335

reference_url	https://github.com/apache/tika/commit/302f22aff7a836868b270038e1d66002a2004869
reference_id
reference_type
scores
url	https://github.com/apache/tika/commit/302f22aff7a836868b270038e1d66002a2004869

reference_url	https://github.com/apache/tika/commit/4fdc51a40bf9532d7db57d0b08c1aec3931468ad
reference_id
reference_type
scores
url	https://github.com/apache/tika/commit/4fdc51a40bf9532d7db57d0b08c1aec3931468ad

reference_url	https://github.com/apache/tika/commit/5d983aad0b68a228f180686a4135ed8c7cd589f1
reference_id
reference_type
scores
url	https://github.com/apache/tika/commit/5d983aad0b68a228f180686a4135ed8c7cd589f1

reference_url	https://github.com/apache/tika/commit/b2d3932b847a171a85e356aa230af461a0f80d91
reference_id
reference_type
scores
url	https://github.com/apache/tika/commit/b2d3932b847a171a85e356aa230af461a0f80d91

reference_url	https://github.com/apache/tika/commit/d1bc09386405d28d6b0f0a29ce8c3e7efd72d6c7
reference_id
reference_type
scores
url	https://github.com/apache/tika/commit/d1bc09386405d28d6b0f0a29ce8c3e7efd72d6c7

reference_url	https://github.com/apache/tika/commit/e82c2efd2b1ac731b6954634741b70ecf0ed6f01
reference_id
reference_type
scores
url	https://github.com/apache/tika/commit/e82c2efd2b1ac731b6954634741b70ecf0ed6f01

reference_url	https://github.com/apache/tika/commit/ffb48dd29d0c2009490caefda75e5b57c7958c51
reference_id
reference_type
scores
url	https://github.com/apache/tika/commit/ffb48dd29d0c2009490caefda75e5b57c7958c51

reference_url

https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E

reference_url

https://www.exploit-db.com/exploits/46540

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/46540

reference_url	https://www.exploit-db.com/exploits/46540/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/46540/

reference_url

http://www.securityfocus.com/bid/104001

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/104001

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1572416
reference_id	1572416
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1572416

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/46540.py
reference_id	CVE-2018-1335
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/46540.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/47208.rb
reference_id	CVE-2018-1335
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/47208.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1335

reference_id

CVE-2018-1335

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1335

reference_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/apache_tika_jp2_jscript.rb
reference_id	CVE-2018-1335
reference_type	exploit
scores
url	https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/apache_tika_jp2_jscript.rb

reference_url	https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
reference_id	CVE-2018-1335
reference_type	exploit
scores
url	https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/

reference_url

https://github.com/advisories/GHSA-9r24-gp44-h3pm

reference_id

GHSA-9r24-gp44-h3pm

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-9r24-gp44-h3pm

fixed_packages

url pkg:maven/org.apache.tika/tika-server@1.18

purl pkg:maven/org.apache.tika/tika-server@1.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42ad-sh45-7fev

vulnerability	VCID-8qc9-3mxe-8ydp

vulnerability	VCID-zj8z-ja31-mkcr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.18

aliases CVE-2018-1335, GHSA-9r24-gp44-h3pm

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyg4-mswu-s3f5

url VCID-zj8z-ja31-mkcr

vulnerability_id VCID-zj8z-ja31-mkcr

summary tika-core: incomplete fix for CVE-2022-30126

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30973.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30973.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30973

reference_id

reference_type

scores

value	0.0025
scoring_system	epss
scoring_elements	0.48449
published_at	2026-06-05T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48387
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30973

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-rpjm-422r-95mh

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rpjm-422r-95mh

reference_url

https://github.com/apache/tika

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika

reference_url

https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265

reference_url

https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51

reference_url

https://lists.apache.org/thread/gqvb5t4p7tmdpl0y5bdbf72pgxj04h7p

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/gqvb5t4p7tmdpl0y5bdbf72pgxj04h7p

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-30973

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-30973

reference_url

https://security.netapp.com/advisory/ntap-20220722-0004

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220722-0004

reference_url	https://security.netapp.com/advisory/ntap-20220722-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220722-0004/

reference_url

http://www.openwall.com/lists/oss-security/2022/05/31/2

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/05/31/2

reference_url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2099553
reference_id	2099553
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2099553

reference_url	https://access.redhat.com/errata/RHSA-2022:7257
reference_id	RHSA-2022:7257
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7257

reference_url	https://usn.ubuntu.com/7529-1/
reference_id	USN-7529-1
reference_type
scores
url	https://usn.ubuntu.com/7529-1/

fixed_packages

url pkg:maven/org.apache.tika/tika-server@1.28.3

purl pkg:maven/org.apache.tika/tika-server@1.28.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qc9-3mxe-8ydp

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.28.3

aliases CVE-2022-30973, GHSA-qw3f-w4pf-jh5f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zj8z-ja31-mkcr

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.5

Package Instance