Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-uyg4-mswu-s3f5
Summary
Code Injection
From Apache Tika, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.
Aliases
0
alias CVE-2018-1335
1
alias GHSA-9r24-gp44-h3pm
Fixed_packages
0
url pkg:deb/debian/tika@1.18-1?distro=sid
purl pkg:deb/debian/tika@1.18-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.18-1%3Fdistro=sid
1
url pkg:deb/debian/tika@1.20-1
purl pkg:deb/debian/tika@1.20-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-dc2n-xs2k-abbz
2
vulnerability VCID-q319-5s6s-aqab
3
vulnerability VCID-r5jk-9f46-rygg
4
vulnerability VCID-uj1b-pk9r-ryhz
5
vulnerability VCID-yetb-gykm-nyhf
6
vulnerability VCID-yt8m-g5bf-wkf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.20-1
2
url pkg:deb/debian/tika@1.22-2?distro=sid
purl pkg:deb/debian/tika@1.22-2?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q319-5s6s-aqab
1
vulnerability VCID-yetb-gykm-nyhf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.22-2%3Fdistro=sid
3
url pkg:maven/org.apache.tika/tika-core@1.18
purl pkg:maven/org.apache.tika/tika-core@1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-2yxn-wffn-x7gr
2
vulnerability VCID-42ad-sh45-7fev
3
vulnerability VCID-8qc9-3mxe-8ydp
4
vulnerability VCID-98bu-vqgb-x7a8
5
vulnerability VCID-c7gc-egj2-2yb9
6
vulnerability VCID-dc2n-xs2k-abbz
7
vulnerability VCID-en59-hstj-8kc1
8
vulnerability VCID-j6j1-yp44-hqdt
9
vulnerability VCID-jyak-stwf-f3gw
10
vulnerability VCID-q319-5s6s-aqab
11
vulnerability VCID-r5jk-9f46-rygg
12
vulnerability VCID-uj1b-pk9r-ryhz
13
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.18
4
url pkg:maven/org.apache.tika/tika-server@1.18
purl pkg:maven/org.apache.tika/tika-server@1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.18
Affected_packages
0
url pkg:deb/debian/tika@1.5-1
purl pkg:deb/debian/tika@1.5-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-2yxn-wffn-x7gr
2
vulnerability VCID-7d9k-ekje-fbe1
3
vulnerability VCID-7snd-ac5u-bydy
4
vulnerability VCID-98bu-vqgb-x7a8
5
vulnerability VCID-b19y-wyyt-4ff9
6
vulnerability VCID-dc2n-xs2k-abbz
7
vulnerability VCID-j6j1-yp44-hqdt
8
vulnerability VCID-jyak-stwf-f3gw
9
vulnerability VCID-q319-5s6s-aqab
10
vulnerability VCID-r5jk-9f46-rygg
11
vulnerability VCID-uj1b-pk9r-ryhz
12
vulnerability VCID-uyg4-mswu-s3f5
13
vulnerability VCID-x3y9-rbfc-47b8
14
vulnerability VCID-yetb-gykm-nyhf
15
vulnerability VCID-yt8m-g5bf-wkf7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tika@1.5-1
1
url pkg:maven/org.apache.tika/tika-core@1.7
purl pkg:maven/org.apache.tika/tika-core@1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-42ad-sh45-7fev
2
vulnerability VCID-7d9k-ekje-fbe1
3
vulnerability VCID-7snd-ac5u-bydy
4
vulnerability VCID-8qc9-3mxe-8ydp
5
vulnerability VCID-98bu-vqgb-x7a8
6
vulnerability VCID-b19y-wyyt-4ff9
7
vulnerability VCID-c7gc-egj2-2yb9
8
vulnerability VCID-dc2n-xs2k-abbz
9
vulnerability VCID-j6j1-yp44-hqdt
10
vulnerability VCID-jyak-stwf-f3gw
11
vulnerability VCID-r5jk-9f46-rygg
12
vulnerability VCID-uj1b-pk9r-ryhz
13
vulnerability VCID-uyg4-mswu-s3f5
14
vulnerability VCID-x3y9-rbfc-47b8
15
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.7
2
url pkg:maven/org.apache.tika/tika-core@1.8
purl pkg:maven/org.apache.tika/tika-core@1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-2yxn-wffn-x7gr
2
vulnerability VCID-42ad-sh45-7fev
3
vulnerability VCID-7d9k-ekje-fbe1
4
vulnerability VCID-7snd-ac5u-bydy
5
vulnerability VCID-8qc9-3mxe-8ydp
6
vulnerability VCID-98bu-vqgb-x7a8
7
vulnerability VCID-b19y-wyyt-4ff9
8
vulnerability VCID-c7gc-egj2-2yb9
9
vulnerability VCID-dc2n-xs2k-abbz
10
vulnerability VCID-j6j1-yp44-hqdt
11
vulnerability VCID-jyak-stwf-f3gw
12
vulnerability VCID-r5jk-9f46-rygg
13
vulnerability VCID-uj1b-pk9r-ryhz
14
vulnerability VCID-uyg4-mswu-s3f5
15
vulnerability VCID-x3y9-rbfc-47b8
16
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.8
3
url pkg:maven/org.apache.tika/tika-core@1.9
purl pkg:maven/org.apache.tika/tika-core@1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-2yxn-wffn-x7gr
2
vulnerability VCID-42ad-sh45-7fev
3
vulnerability VCID-7d9k-ekje-fbe1
4
vulnerability VCID-7snd-ac5u-bydy
5
vulnerability VCID-8qc9-3mxe-8ydp
6
vulnerability VCID-98bu-vqgb-x7a8
7
vulnerability VCID-b19y-wyyt-4ff9
8
vulnerability VCID-c7gc-egj2-2yb9
9
vulnerability VCID-dc2n-xs2k-abbz
10
vulnerability VCID-j6j1-yp44-hqdt
11
vulnerability VCID-jyak-stwf-f3gw
12
vulnerability VCID-r5jk-9f46-rygg
13
vulnerability VCID-uj1b-pk9r-ryhz
14
vulnerability VCID-uyg4-mswu-s3f5
15
vulnerability VCID-x3y9-rbfc-47b8
16
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.9
4
url pkg:maven/org.apache.tika/tika-core@1.10
purl pkg:maven/org.apache.tika/tika-core@1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-2yxn-wffn-x7gr
2
vulnerability VCID-42ad-sh45-7fev
3
vulnerability VCID-7d9k-ekje-fbe1
4
vulnerability VCID-7snd-ac5u-bydy
5
vulnerability VCID-8qc9-3mxe-8ydp
6
vulnerability VCID-98bu-vqgb-x7a8
7
vulnerability VCID-b19y-wyyt-4ff9
8
vulnerability VCID-c7gc-egj2-2yb9
9
vulnerability VCID-dc2n-xs2k-abbz
10
vulnerability VCID-j6j1-yp44-hqdt
11
vulnerability VCID-jyak-stwf-f3gw
12
vulnerability VCID-r5jk-9f46-rygg
13
vulnerability VCID-uj1b-pk9r-ryhz
14
vulnerability VCID-uyg4-mswu-s3f5
15
vulnerability VCID-x3y9-rbfc-47b8
16
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.10
5
url pkg:maven/org.apache.tika/tika-core@1.11
purl pkg:maven/org.apache.tika/tika-core@1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-2yxn-wffn-x7gr
2
vulnerability VCID-42ad-sh45-7fev
3
vulnerability VCID-7d9k-ekje-fbe1
4
vulnerability VCID-7snd-ac5u-bydy
5
vulnerability VCID-8qc9-3mxe-8ydp
6
vulnerability VCID-98bu-vqgb-x7a8
7
vulnerability VCID-b19y-wyyt-4ff9
8
vulnerability VCID-c7gc-egj2-2yb9
9
vulnerability VCID-dc2n-xs2k-abbz
10
vulnerability VCID-j6j1-yp44-hqdt
11
vulnerability VCID-jyak-stwf-f3gw
12
vulnerability VCID-r5jk-9f46-rygg
13
vulnerability VCID-uj1b-pk9r-ryhz
14
vulnerability VCID-uyg4-mswu-s3f5
15
vulnerability VCID-x3y9-rbfc-47b8
16
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.11
6
url pkg:maven/org.apache.tika/tika-core@1.12
purl pkg:maven/org.apache.tika/tika-core@1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-2yxn-wffn-x7gr
2
vulnerability VCID-42ad-sh45-7fev
3
vulnerability VCID-7d9k-ekje-fbe1
4
vulnerability VCID-7snd-ac5u-bydy
5
vulnerability VCID-8qc9-3mxe-8ydp
6
vulnerability VCID-98bu-vqgb-x7a8
7
vulnerability VCID-b19y-wyyt-4ff9
8
vulnerability VCID-c7gc-egj2-2yb9
9
vulnerability VCID-dc2n-xs2k-abbz
10
vulnerability VCID-j6j1-yp44-hqdt
11
vulnerability VCID-jyak-stwf-f3gw
12
vulnerability VCID-r5jk-9f46-rygg
13
vulnerability VCID-uj1b-pk9r-ryhz
14
vulnerability VCID-uyg4-mswu-s3f5
15
vulnerability VCID-x3y9-rbfc-47b8
16
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.12
7
url pkg:maven/org.apache.tika/tika-core@1.13
purl pkg:maven/org.apache.tika/tika-core@1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-2yxn-wffn-x7gr
2
vulnerability VCID-42ad-sh45-7fev
3
vulnerability VCID-7d9k-ekje-fbe1
4
vulnerability VCID-7snd-ac5u-bydy
5
vulnerability VCID-8qc9-3mxe-8ydp
6
vulnerability VCID-98bu-vqgb-x7a8
7
vulnerability VCID-c7gc-egj2-2yb9
8
vulnerability VCID-dc2n-xs2k-abbz
9
vulnerability VCID-j6j1-yp44-hqdt
10
vulnerability VCID-jyak-stwf-f3gw
11
vulnerability VCID-q319-5s6s-aqab
12
vulnerability VCID-r5jk-9f46-rygg
13
vulnerability VCID-uj1b-pk9r-ryhz
14
vulnerability VCID-uyg4-mswu-s3f5
15
vulnerability VCID-x3y9-rbfc-47b8
16
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.13
8
url pkg:maven/org.apache.tika/tika-core@1.14
purl pkg:maven/org.apache.tika/tika-core@1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-2yxn-wffn-x7gr
2
vulnerability VCID-42ad-sh45-7fev
3
vulnerability VCID-7d9k-ekje-fbe1
4
vulnerability VCID-8qc9-3mxe-8ydp
5
vulnerability VCID-98bu-vqgb-x7a8
6
vulnerability VCID-c7gc-egj2-2yb9
7
vulnerability VCID-dc2n-xs2k-abbz
8
vulnerability VCID-j6j1-yp44-hqdt
9
vulnerability VCID-jyak-stwf-f3gw
10
vulnerability VCID-q319-5s6s-aqab
11
vulnerability VCID-r5jk-9f46-rygg
12
vulnerability VCID-uj1b-pk9r-ryhz
13
vulnerability VCID-uyg4-mswu-s3f5
14
vulnerability VCID-x3y9-rbfc-47b8
15
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.14
9
url pkg:maven/org.apache.tika/tika-core@1.15
purl pkg:maven/org.apache.tika/tika-core@1.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-2yxn-wffn-x7gr
2
vulnerability VCID-42ad-sh45-7fev
3
vulnerability VCID-7d9k-ekje-fbe1
4
vulnerability VCID-8qc9-3mxe-8ydp
5
vulnerability VCID-98bu-vqgb-x7a8
6
vulnerability VCID-c7gc-egj2-2yb9
7
vulnerability VCID-dc2n-xs2k-abbz
8
vulnerability VCID-j6j1-yp44-hqdt
9
vulnerability VCID-jyak-stwf-f3gw
10
vulnerability VCID-q319-5s6s-aqab
11
vulnerability VCID-r5jk-9f46-rygg
12
vulnerability VCID-uj1b-pk9r-ryhz
13
vulnerability VCID-uyg4-mswu-s3f5
14
vulnerability VCID-x3y9-rbfc-47b8
15
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.15
10
url pkg:maven/org.apache.tika/tika-core@1.16
purl pkg:maven/org.apache.tika/tika-core@1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-2yxn-wffn-x7gr
2
vulnerability VCID-42ad-sh45-7fev
3
vulnerability VCID-7d9k-ekje-fbe1
4
vulnerability VCID-8qc9-3mxe-8ydp
5
vulnerability VCID-98bu-vqgb-x7a8
6
vulnerability VCID-c7gc-egj2-2yb9
7
vulnerability VCID-dc2n-xs2k-abbz
8
vulnerability VCID-j6j1-yp44-hqdt
9
vulnerability VCID-jyak-stwf-f3gw
10
vulnerability VCID-q319-5s6s-aqab
11
vulnerability VCID-r5jk-9f46-rygg
12
vulnerability VCID-uj1b-pk9r-ryhz
13
vulnerability VCID-uyg4-mswu-s3f5
14
vulnerability VCID-x3y9-rbfc-47b8
15
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.16
11
url pkg:maven/org.apache.tika/tika-core@1.17
purl pkg:maven/org.apache.tika/tika-core@1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yb7-v3m7-3ffz
1
vulnerability VCID-2yxn-wffn-x7gr
2
vulnerability VCID-42ad-sh45-7fev
3
vulnerability VCID-7d9k-ekje-fbe1
4
vulnerability VCID-8qc9-3mxe-8ydp
5
vulnerability VCID-98bu-vqgb-x7a8
6
vulnerability VCID-c7gc-egj2-2yb9
7
vulnerability VCID-dc2n-xs2k-abbz
8
vulnerability VCID-en59-hstj-8kc1
9
vulnerability VCID-j6j1-yp44-hqdt
10
vulnerability VCID-jyak-stwf-f3gw
11
vulnerability VCID-q319-5s6s-aqab
12
vulnerability VCID-r5jk-9f46-rygg
13
vulnerability VCID-uj1b-pk9r-ryhz
14
vulnerability VCID-uyg4-mswu-s3f5
15
vulnerability VCID-x3y9-rbfc-47b8
16
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.17
12
url pkg:maven/org.apache.tika/tika-server@1.2
purl pkg:maven/org.apache.tika/tika-server@1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-hvfw-yh4j-cqfm
3
vulnerability VCID-uyg4-mswu-s3f5
4
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.2
13
url pkg:maven/org.apache.tika/tika-server@1.3
purl pkg:maven/org.apache.tika/tika-server@1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-hvfw-yh4j-cqfm
3
vulnerability VCID-uyg4-mswu-s3f5
4
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.3
14
url pkg:maven/org.apache.tika/tika-server@1.4
purl pkg:maven/org.apache.tika/tika-server@1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-hvfw-yh4j-cqfm
3
vulnerability VCID-uyg4-mswu-s3f5
4
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.4
15
url pkg:maven/org.apache.tika/tika-server@1.5
purl pkg:maven/org.apache.tika/tika-server@1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-hvfw-yh4j-cqfm
3
vulnerability VCID-uyg4-mswu-s3f5
4
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.5
16
url pkg:maven/org.apache.tika/tika-server@1.6
purl pkg:maven/org.apache.tika/tika-server@1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-hvfw-yh4j-cqfm
3
vulnerability VCID-uyg4-mswu-s3f5
4
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.6
17
url pkg:maven/org.apache.tika/tika-server@1.7
purl pkg:maven/org.apache.tika/tika-server@1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-hvfw-yh4j-cqfm
3
vulnerability VCID-uyg4-mswu-s3f5
4
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.7
18
url pkg:maven/org.apache.tika/tika-server@1.8
purl pkg:maven/org.apache.tika/tika-server@1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-hvfw-yh4j-cqfm
3
vulnerability VCID-uyg4-mswu-s3f5
4
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.8
19
url pkg:maven/org.apache.tika/tika-server@1.9
purl pkg:maven/org.apache.tika/tika-server@1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-hvfw-yh4j-cqfm
3
vulnerability VCID-uyg4-mswu-s3f5
4
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.9
20
url pkg:maven/org.apache.tika/tika-server@1.10
purl pkg:maven/org.apache.tika/tika-server@1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-uyg4-mswu-s3f5
3
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.10
21
url pkg:maven/org.apache.tika/tika-server@1.11
purl pkg:maven/org.apache.tika/tika-server@1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-uyg4-mswu-s3f5
3
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.11
22
url pkg:maven/org.apache.tika/tika-server@1.12
purl pkg:maven/org.apache.tika/tika-server@1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-uyg4-mswu-s3f5
3
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.12
23
url pkg:maven/org.apache.tika/tika-server@1.13
purl pkg:maven/org.apache.tika/tika-server@1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-uyg4-mswu-s3f5
3
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.13
24
url pkg:maven/org.apache.tika/tika-server@1.14
purl pkg:maven/org.apache.tika/tika-server@1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-uyg4-mswu-s3f5
3
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.14
25
url pkg:maven/org.apache.tika/tika-server@1.15
purl pkg:maven/org.apache.tika/tika-server@1.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-uyg4-mswu-s3f5
3
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.15
26
url pkg:maven/org.apache.tika/tika-server@1.16
purl pkg:maven/org.apache.tika/tika-server@1.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-uyg4-mswu-s3f5
3
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.16
27
url pkg:maven/org.apache.tika/tika-server@1.17
purl pkg:maven/org.apache.tika/tika-server@1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42ad-sh45-7fev
1
vulnerability VCID-8qc9-3mxe-8ydp
2
vulnerability VCID-uyg4-mswu-s3f5
3
vulnerability VCID-zj8z-ja31-mkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-server@1.17
References
0
reference_url http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:3140
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3140
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1335.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1335.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1335
reference_id
reference_type
scores
0
value 0.93876
scoring_system epss
scoring_elements 0.99881
published_at 2026-06-08T12:55:00Z
1
value 0.93876
scoring_system epss
scoring_elements 0.9988
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1335
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1335
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1335
5
reference_url https://github.com/apache/tika/commit/302f22aff7a836868b270038e1d66002a2004869
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/302f22aff7a836868b270038e1d66002a2004869
6
reference_url https://github.com/apache/tika/commit/4fdc51a40bf9532d7db57d0b08c1aec3931468ad
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/4fdc51a40bf9532d7db57d0b08c1aec3931468ad
7
reference_url https://github.com/apache/tika/commit/5d983aad0b68a228f180686a4135ed8c7cd589f1
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/5d983aad0b68a228f180686a4135ed8c7cd589f1
8
reference_url https://github.com/apache/tika/commit/b2d3932b847a171a85e356aa230af461a0f80d91
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/b2d3932b847a171a85e356aa230af461a0f80d91
9
reference_url https://github.com/apache/tika/commit/d1bc09386405d28d6b0f0a29ce8c3e7efd72d6c7
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/d1bc09386405d28d6b0f0a29ce8c3e7efd72d6c7
10
reference_url https://github.com/apache/tika/commit/e82c2efd2b1ac731b6954634741b70ecf0ed6f01
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/e82c2efd2b1ac731b6954634741b70ecf0ed6f01
11
reference_url https://github.com/apache/tika/commit/ffb48dd29d0c2009490caefda75e5b57c7958c51
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/ffb48dd29d0c2009490caefda75e5b57c7958c51
12
reference_url https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E
13
reference_url https://www.exploit-db.com/exploits/46540
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46540
14
reference_url https://www.exploit-db.com/exploits/46540/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46540/
15
reference_url http://www.securityfocus.com/bid/104001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104001
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1572416
reference_id 1572416
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1572416
17
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/46540.py
reference_id CVE-2018-1335
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/46540.py
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/47208.rb
reference_id CVE-2018-1335
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/47208.rb
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1335
reference_id CVE-2018-1335
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1335
20
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/apache_tika_jp2_jscript.rb
reference_id CVE-2018-1335
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/apache_tika_jp2_jscript.rb
21
reference_url https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
reference_id CVE-2018-1335
reference_type exploit
scores
url https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
22
reference_url https://github.com/advisories/GHSA-9r24-gp44-h3pm
reference_id GHSA-9r24-gp44-h3pm
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9r24-gp44-h3pm
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 77
name Improper Neutralization of Special Elements used in a Command ('Command Injection')
description The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Exploits
0
date_added null
description 
This module exploits a command injection vulnerability in Apache
          Tika 1.15 - 1.17 on Windows.  A file with the image/jp2 content-type is
          used to bypass magic bytes checking.  When OCR is specified in the
          request, parameters can be passed to change the parameters passed
          at command line to allow for arbitrary JScript to execute. A
          JScript stub is passed to execute arbitrary code. This module was
          verified against version 1.15 - 1.17 on Windows 2012.
          While the CVE and finding show more versions vulnerable, during
          testing it was determined only > 1.14 was exploitable due to
          jp2 support being added.
required_action null
due_date null
notes 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2018-04-25
exploit_type null
platform Windows
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/http/apache_tika_jp2_jscript.rb
1
date_added 2019-03-13
description Apache Tika-server < 1.18 - Command Injection
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2019-03-13
exploit_type remote
platform windows
source_date_updated 2019-08-05
data_source Exploit-DB
source_url https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
Severity_range_score7.0 - 8.9
Exploitability2.0
Weighted_severity8.0
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-uyg4-mswu-s3f5