Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tika/tika@1.26

Type maven

Namespace org.apache.tika

Name tika

Version 1.26

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.28.4

Latest_non_vulnerable_version 2.4.1

Affected_by_vulnerabilities

url VCID-8qc9-3mxe-8ydp

vulnerability_id VCID-8qc9-3mxe-8ydp

summary The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-33879

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07996
published_at	2026-06-06T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07949
published_at	2026-06-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07981
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-33879

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33879

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/wfno8mf5nlcvbs78z93q9thgrm30wwfh

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-33879

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-33879

reference_url

https://security.netapp.com/advisory/ntap-20220812-0004

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220812-0004

reference_url	https://security.netapp.com/advisory/ntap-20220812-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220812-0004/

reference_url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
reference_id	1015002
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002

reference_url

https://github.com/advisories/GHSA-6q8v-2hvm-fx37

reference_id

GHSA-6q8v-2hvm-fx37

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6q8v-2hvm-fx37

reference_url	https://usn.ubuntu.com/7529-1/
reference_id	USN-7529-1
reference_type
scores
url	https://usn.ubuntu.com/7529-1/

fixed_packages

url	pkg:maven/org.apache.tika/tika@1.28.4
purl	pkg:maven/org.apache.tika/tika@1.28.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika@1.28.4

url	pkg:maven/org.apache.tika/tika@2.4.1
purl	pkg:maven/org.apache.tika/tika@2.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika@2.4.1

aliases CVE-2022-33879, GHSA-6q8v-2hvm-fx37

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qc9-3mxe-8ydp

url VCID-en59-hstj-8kc1

vulnerability_id VCID-en59-hstj-8kc1

summary tika-core: Regular Expression Denial of Service in standards extractor

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30126.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30126.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30126

reference_id

reference_type

scores

value	0.00536
scoring_system	epss
scoring_elements	0.67852
published_at	2026-06-05T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67859
published_at	2026-06-06T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67812
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30126

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30126
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30126

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-qw3f-w4pf-jh5f

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-qw3f-w4pf-jh5f

reference_url

https://github.com/apache/tika

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika

reference_url

https://github.com/apache/tika/commit/83b0de4d60161ebd4bc224141a959ac8c18d95f4

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika/commit/83b0de4d60161ebd4bc224141a959ac8c18d95f4

reference_url

https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265

reference_url

https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51

reference_url

https://lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/dh3syg68nxogbmlg13srd6gjn3h2z6r4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-30126

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-30126

reference_url

https://security.netapp.com/advisory/ntap-20220624-0004

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220624-0004

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

http://www.openwall.com/lists/oss-security/2022/05/16/3

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/05/16/3

reference_url

http://www.openwall.com/lists/oss-security/2022/05/31/2

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/05/31/2

reference_url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
reference_id	1015002
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2088523
reference_id	2088523
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2088523

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://usn.ubuntu.com/7529-1/
reference_id	USN-7529-1
reference_type
scores
url	https://usn.ubuntu.com/7529-1/

fixed_packages

url pkg:maven/org.apache.tika/tika@1.28.2

purl pkg:maven/org.apache.tika/tika@1.28.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qc9-3mxe-8ydp

vulnerability	VCID-zj8z-ja31-mkcr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika@1.28.2

url pkg:maven/org.apache.tika/tika@2.4.0

purl pkg:maven/org.apache.tika/tika@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qc9-3mxe-8ydp

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika@2.4.0

aliases CVE-2022-30126, GHSA-rpjm-422r-95mh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-en59-hstj-8kc1

url VCID-eu4h-uqdw-n7ez

vulnerability_id VCID-eu4h-uqdw-n7ez

summary

Allocation of Resources Without Limits or Throttling
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25169

reference_id

reference_type

scores

value	0.0027
scoring_system	epss
scoring_elements	0.50726
published_at	2026-06-05T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50732
published_at	2026-06-06T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50665
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25169

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tika

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika

reference_url

https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/t3tb51sf0k2pmbnzsrrrm23z9r1c10rk

reference_url

https://security.netapp.com/advisory/ntap-20220804-0004

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220804-0004

reference_url	https://security.netapp.com/advisory/ntap-20220804-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220804-0004/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

http://www.openwall.com/lists/oss-security/2022/05/16/4

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/05/16/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002
reference_id	1015002
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015002

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25169

reference_id

CVE-2022-25169

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25169

reference_url	https://github.com/advisories/GHSA-7qcq-xp2f-56f6
reference_id	GHSA-7qcq-xp2f-56f6
reference_type
scores
url	https://github.com/advisories/GHSA-7qcq-xp2f-56f6

fixed_packages

url pkg:maven/org.apache.tika/tika@1.28.2

purl pkg:maven/org.apache.tika/tika@1.28.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qc9-3mxe-8ydp

vulnerability	VCID-zj8z-ja31-mkcr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika@1.28.2

url pkg:maven/org.apache.tika/tika@2.4.0

purl pkg:maven/org.apache.tika/tika@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qc9-3mxe-8ydp

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika@2.4.0

aliases CVE-2022-25169, GHSA-7qcq-xp2f-56f6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eu4h-uqdw-n7ez

url VCID-zj8z-ja31-mkcr

vulnerability_id VCID-zj8z-ja31-mkcr

summary tika-core: incomplete fix for CVE-2022-30126

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30973.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30973.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30973

reference_id

reference_type

scores

value	0.0025
scoring_system	epss
scoring_elements	0.48455
published_at	2026-06-06T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48387
published_at	2026-06-04T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48449
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30973

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-rpjm-422r-95mh

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rpjm-422r-95mh

reference_url

https://github.com/apache/tika

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika

reference_url

https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika/commit/a36711610fa1f6f5ba0f594803415af795e0b265

reference_url

https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika/commit/e76302196ebcafb7b51fce37fbe8256e6c0fbc51

reference_url

https://lists.apache.org/thread/gqvb5t4p7tmdpl0y5bdbf72pgxj04h7p

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/gqvb5t4p7tmdpl0y5bdbf72pgxj04h7p

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-30973

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-30973

reference_url

https://security.netapp.com/advisory/ntap-20220722-0004

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220722-0004

reference_url	https://security.netapp.com/advisory/ntap-20220722-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220722-0004/

reference_url

http://www.openwall.com/lists/oss-security/2022/05/31/2

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/05/31/2

reference_url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/06/27/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2099553
reference_id	2099553
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2099553

reference_url	https://access.redhat.com/errata/RHSA-2022:7257
reference_id	RHSA-2022:7257
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7257

reference_url	https://usn.ubuntu.com/7529-1/
reference_id	USN-7529-1
reference_type
scores
url	https://usn.ubuntu.com/7529-1/

fixed_packages

url pkg:maven/org.apache.tika/tika@1.28.3

purl pkg:maven/org.apache.tika/tika@1.28.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qc9-3mxe-8ydp

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika@1.28.3

aliases CVE-2022-30973, GHSA-qw3f-w4pf-jh5f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zj8z-ja31-mkcr

Fixing_vulnerabilities

url VCID-42ad-sh45-7fev

vulnerability_id VCID-42ad-sh45-7fev

summary

Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28657.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28657

reference_id

reference_type

scores

value	0.00221
scoring_system	epss
scoring_elements	0.44853
published_at	2026-06-06T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44778
published_at	2026-06-04T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44847
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b@%3Cnotifications.james.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20210507-0004

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210507-0004

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1944881
reference_id	1944881
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1944881

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805
reference_id	986805
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986805

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-28657

reference_id

CVE-2021-28657

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-28657

reference_url	https://github.com/advisories/GHSA-567x-m4wm-87v8
reference_id	GHSA-567x-m4wm-87v8
reference_type
scores
url	https://github.com/advisories/GHSA-567x-m4wm-87v8

fixed_packages

url pkg:maven/org.apache.tika/tika@1.26

purl pkg:maven/org.apache.tika/tika@1.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qc9-3mxe-8ydp

vulnerability	VCID-en59-hstj-8kc1

vulnerability	VCID-eu4h-uqdw-n7ez

vulnerability	VCID-zj8z-ja31-mkcr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika@1.26

aliases CVE-2021-28657, GHSA-567x-m4wm-87v8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-42ad-sh45-7fev

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika@1.26

Package Instance