Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/57238?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/57238?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.8", "type": "maven", "namespace": "org.apache.tika", "name": "tika-parsers", "version": "1.8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.1", "latest_non_vulnerable_version": "2.4.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40554?format=api", "vulnerability_id": "VCID-2yxn-wffn-x7gr", "summary": "Loop with Unreachable Exit Condition (Infinite Loop)\nA carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's `SQLite3Parser`.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03108", "scoring_system": "epss", "scoring_elements": "0.87083", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03108", "scoring_system": "epss", "scoring_elements": "0.87061", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika/commit/0c49c851979163334ea05cbebdd11ff87feba62d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/0c49c851979163334ea05cbebdd11ff87feba62d" }, { "reference_url": "https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "http://www.securityfocus.com/bid/106293", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106293" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663925", "reference_id": "1663925", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663925" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17197", "reference_id": "CVE-2018-17197", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17197" }, { "reference_url": "https://github.com/advisories/GHSA-3448-vfvv-xp9g", "reference_id": "GHSA-3448-vfvv-xp9g", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3448-vfvv-xp9g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57239?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42ad-sh45-7fev" }, { "vulnerability": "VCID-8qc9-3mxe-8ydp" }, { "vulnerability": "VCID-q319-5s6s-aqab" }, { "vulnerability": "VCID-yetb-gykm-nyhf" }, { "vulnerability": "VCID-yt8m-g5bf-wkf7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.20" } ], "aliases": [ "CVE-2018-17197", "GHSA-3448-vfvv-xp9g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2yxn-wffn-x7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54294?format=api", "vulnerability_id": "VCID-42ad-sh45-7fev", "summary": "Loop with Unreachable Exit Condition (Infinite Loop)\nA carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44847", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44778", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210507-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210507-0004" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944881", "reference_id": "1944881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944881" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805", "reference_id": "986805", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28657", "reference_id": "CVE-2021-28657", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28657" }, { "reference_url": "https://github.com/advisories/GHSA-567x-m4wm-87v8", "reference_id": "GHSA-567x-m4wm-87v8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-567x-m4wm-87v8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80168?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8qc9-3mxe-8ydp" }, { "vulnerability": "VCID-q319-5s6s-aqab" }, { "vulnerability": "VCID-yetb-gykm-nyhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.26" } ], "aliases": [ "CVE-2021-28657", "GHSA-567x-m4wm-87v8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42ad-sh45-7fev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39587?format=api", "vulnerability_id": "VCID-7d9k-ekje-fbe1", "summary": "Loop with Unreachable Exit Condition (Infinite Loop)\nA carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `ChmParser`.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2669", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1339.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1339.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89358", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89339", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1339" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1339" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd" }, { "reference_url": "https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572424", "reference_id": "1572424", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572424" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000", "reference_id": "900000", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1339", "reference_id": "CVE-2018-1339", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1339" }, { "reference_url": "https://github.com/advisories/GHSA-p699-3wgc-7h72", "reference_id": "GHSA-p699-3wgc-7h72", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p699-3wgc-7h72" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55407?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yxn-wffn-x7gr" }, { "vulnerability": "VCID-42ad-sh45-7fev" }, { "vulnerability": "VCID-8qc9-3mxe-8ydp" }, { "vulnerability": "VCID-98bu-vqgb-x7a8" }, { "vulnerability": "VCID-c7gc-egj2-2yb9" }, { "vulnerability": "VCID-jyak-stwf-f3gw" }, { "vulnerability": "VCID-q319-5s6s-aqab" }, { "vulnerability": "VCID-yetb-gykm-nyhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.18" } ], "aliases": [ "CVE-2018-1339", "GHSA-p699-3wgc-7h72" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7d9k-ekje-fbe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38535?format=api", "vulnerability_id": "VCID-7snd-ac5u-bydy", "summary": "Deserialization of Untrusted Data\nApache Tika allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes `JMatIO` to do native deserialization.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6809.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6809.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07049", "scoring_system": "epss", "scoring_elements": "0.91658", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07049", "scoring_system": "epss", "scoring_elements": "0.91646", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6809" }, { "reference_url": "https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt" }, { "reference_url": "http://seclists.org/bugtraq/2016/Nov/40", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/bugtraq/2016/Nov/40" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610" }, { "reference_url": "https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E" }, { "reference_url": "http://www.securityfocus.com/bid/94247", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94247" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394156", "reference_id": "1394156", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394156" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6809", "reference_id": "CVE-2016-6809", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6809" }, { "reference_url": "https://github.com/advisories/GHSA-j8g6-2wh7-6439", "reference_id": "GHSA-j8g6-2wh7-6439", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j8g6-2wh7-6439" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53424?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yxn-wffn-x7gr" }, { "vulnerability": "VCID-42ad-sh45-7fev" }, { "vulnerability": "VCID-7d9k-ekje-fbe1" }, { "vulnerability": "VCID-8qc9-3mxe-8ydp" }, { "vulnerability": "VCID-98bu-vqgb-x7a8" }, { "vulnerability": "VCID-c7gc-egj2-2yb9" }, { "vulnerability": "VCID-jyak-stwf-f3gw" }, { "vulnerability": "VCID-q319-5s6s-aqab" }, { "vulnerability": "VCID-x3y9-rbfc-47b8" }, { "vulnerability": "VCID-yetb-gykm-nyhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.14" } ], "aliases": [ "CVE-2016-6809", "GHSA-j8g6-2wh7-6439" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7snd-ac5u-bydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102853?format=api", "vulnerability_id": "VCID-8qc9-3mxe-8ydp", "summary": "The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-33879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07949", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07981", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-33879" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33879", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33879" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220812-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220812-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220812-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220812-0004/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/06/27/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/06/27/5" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002", "reference_id": "1015002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002" }, { "reference_url": "https://github.com/advisories/GHSA-6q8v-2hvm-fx37", "reference_id": "GHSA-6q8v-2hvm-fx37", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6q8v-2hvm-fx37" }, { "reference_url": "https://usn.ubuntu.com/7529-1/", "reference_id": "USN-7529-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7529-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/503946?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.28.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q319-5s6s-aqab" }, { "vulnerability": "VCID-yetb-gykm-nyhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.28.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/503947?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@2.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@2.4.1" } ], "aliases": [ "CVE-2022-33879", "GHSA-6q8v-2hvm-fx37" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qc9-3mxe-8ydp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40254?format=api", "vulnerability_id": "VCID-98bu-vqgb-x7a8", "summary": "Improper Restriction of XML External Entity Reference\nIn Apache Tika, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a DoS.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11761.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11027", "scoring_system": "epss", "scoring_elements": "0.93574", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11027", "scoring_system": "epss", "scoring_elements": "0.93584", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11761" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63" }, { "reference_url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "http://www.securityfocus.com/bid/105514", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105514" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632462", "reference_id": "1632462", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632462" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11761", "reference_id": "CVE-2018-11761", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11761" }, { "reference_url": "https://github.com/advisories/GHSA-6jq2-789q-fff2", "reference_id": "GHSA-6jq2-789q-fff2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6jq2-789q-fff2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56472?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yxn-wffn-x7gr" }, { "vulnerability": "VCID-42ad-sh45-7fev" }, { "vulnerability": "VCID-8qc9-3mxe-8ydp" }, { "vulnerability": "VCID-c7gc-egj2-2yb9" }, { "vulnerability": "VCID-q319-5s6s-aqab" }, { "vulnerability": "VCID-yetb-gykm-nyhf" }, { "vulnerability": "VCID-yt8m-g5bf-wkf7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19" } ], "aliases": [ "CVE-2018-11761", "GHSA-6jq2-789q-fff2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-98bu-vqgb-x7a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40278?format=api", "vulnerability_id": "VCID-c7gc-egj2-2yb9", "summary": "Improper Restriction of XML External Entity Reference\nTika reuses SAXParsers and calls `reset()` after each parse; the parser ignores entity expansion limits after the first parse.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11796.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11796.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0394", "scoring_system": "epss", "scoring_elements": "0.88565", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0394", "scoring_system": "epss", "scoring_elements": "0.88547", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190903-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190903-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190903-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190903-0002/" }, { "reference_url": "http://www.securityfocus.com/bid/105585", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105585" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1639090", "reference_id": "1639090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1639090" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11796", "reference_id": "CVE-2018-11796", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11796" }, { "reference_url": "https://github.com/advisories/GHSA-h8q5-g2cj-qr5h", "reference_id": "GHSA-h8q5-g2cj-qr5h", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h8q5-g2cj-qr5h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56525?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.19.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yxn-wffn-x7gr" }, { "vulnerability": "VCID-42ad-sh45-7fev" }, { "vulnerability": "VCID-8qc9-3mxe-8ydp" }, { "vulnerability": "VCID-q319-5s6s-aqab" }, { "vulnerability": "VCID-yetb-gykm-nyhf" }, { "vulnerability": "VCID-yt8m-g5bf-wkf7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19.1" } ], "aliases": [ "CVE-2018-11796", "GHSA-h8q5-g2cj-qr5h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c7gc-egj2-2yb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40256?format=api", "vulnerability_id": "VCID-jyak-stwf-f3gw", "summary": "Loop with Unreachable Exit Condition (Infinite Loop)\nIn Apache Tikato, a carefully crafted file can trigger an infinite loop in the `IptcAnpaParser`.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02108", "scoring_system": "epss", "scoring_elements": "0.84414", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02108", "scoring_system": "epss", "scoring_elements": "0.84438", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://github.com/apache/tika/commit/62926cae31a02d4f23d21148435804b96c543cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/62926cae31a02d4f23d21148435804b96c543cc" }, { "reference_url": "https://github.com/apache/tika/commit/8a6a9e1344f5b10ebfa1a189dc3c30d0da2b9d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/8a6a9e1344f5b10ebfa1a189dc3c30d0da2b9d4" }, { "reference_url": "https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E" }, { "reference_url": "http://www.securityfocus.com/bid/105513", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632466", "reference_id": "1632466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632466" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914643", "reference_id": "914643", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914643" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8017", "reference_id": "CVE-2018-8017", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8017" }, { "reference_url": "https://github.com/advisories/GHSA-j53j-gmr9-h8g3", "reference_id": "GHSA-j53j-gmr9-h8g3", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j53j-gmr9-h8g3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56472?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yxn-wffn-x7gr" }, { "vulnerability": "VCID-42ad-sh45-7fev" }, { "vulnerability": "VCID-8qc9-3mxe-8ydp" }, { "vulnerability": "VCID-c7gc-egj2-2yb9" }, { "vulnerability": "VCID-q319-5s6s-aqab" }, { "vulnerability": "VCID-yetb-gykm-nyhf" }, { "vulnerability": "VCID-yt8m-g5bf-wkf7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19" } ], "aliases": [ "CVE-2018-8017", "GHSA-j53j-gmr9-h8g3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyak-stwf-f3gw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39591?format=api", "vulnerability_id": "VCID-x3y9-rbfc-47b8", "summary": "Loop with Unreachable Exit Condition (Infinite Loop)\nA carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `BPGParser`.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2669", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1338.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1338.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03002", "scoring_system": "epss", "scoring_elements": "0.86848", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03002", "scoring_system": "epss", "scoring_elements": "0.86826", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1338", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1338" }, { "reference_url": "https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572421", "reference_id": "1572421", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572421" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1338", "reference_id": "CVE-2018-1338", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1338" }, { "reference_url": "https://github.com/advisories/GHSA-5mf7-26mw-3rqr", "reference_id": "GHSA-5mf7-26mw-3rqr", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mf7-26mw-3rqr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55407?format=api", "purl": "pkg:maven/org.apache.tika/tika-parsers@1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2yxn-wffn-x7gr" }, { "vulnerability": "VCID-42ad-sh45-7fev" }, { "vulnerability": "VCID-8qc9-3mxe-8ydp" }, { "vulnerability": "VCID-98bu-vqgb-x7a8" }, { "vulnerability": "VCID-c7gc-egj2-2yb9" }, { "vulnerability": "VCID-jyak-stwf-f3gw" }, { "vulnerability": "VCID-q319-5s6s-aqab" }, { "vulnerability": "VCID-yetb-gykm-nyhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.18" } ], "aliases": [ "CVE-2018-1338", "GHSA-5mf7-26mw-3rqr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x3y9-rbfc-47b8" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.8" }