| purl | pkg:maven/org.apache.tika/tika-bundle@1.13 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-42ad-sh45-7fev (Aliases: CVE-2021-28657, GHSA-567x-m4wm-87v8) | Loop with Unreachable Exit Condition (Infinite Loop): A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser. | Affected by 1 other vulnerability. |
| VCID-8qc9-3mxe-8ydp (Aliases: CVE-2022-33879, GHSA-6q8v-2hvm-fx37) | The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-b19y-wyyt-4ff9 | Improper Restriction of XML External Entity Reference: Apache Tika does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175. | CVE-2016-4434, GHSA-4xr4-4c65-hj7f |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T02:39:20.438469+00:00 | GitLab Importer | Affected by | VCID-8qc9-3mxe-8ydp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika-bundle/CVE-2022-33879.yml | 38.6.0 |
| 2026-06-04T20:48:03.409411+00:00 | GitLab Importer | Affected by | VCID-42ad-sh45-7fev | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika-bundle/CVE-2021-28657.yml | 38.6.0 |
| 2026-06-02T04:37:08.633802+00:00 | GitLab Importer | Fixing | VCID-b19y-wyyt-4ff9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika-bundle/CVE-2016-4434.yml | 38.6.0 |