VulnerableCode Package Details - pkg:maven/org.apache.tika/tika-server@1.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.tika/tika-server@1.2

Essentials
History (5)

purl	pkg:maven/org.apache.tika/tika-server@1.2

Next non-vulnerable version	1.28.4
Latest non-vulnerable version	2.4.1
Risk	10.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-42ad-sh45-7fev Aliases: CVE-2021-28657 GHSA-567x-m4wm-87v8	Loop with Unreachable Exit Condition (Infinite Loop) A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser	1.26 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-8qc9-3mxe-8ydp Aliases: CVE-2022-33879 GHSA-6q8v-2hvm-fx37	The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.	1.28.4 Affected by 0 other vulnerabilities. 2.4.1 Affected by 0 other vulnerabilities.
VCID-hvfw-yh4j-cqfm Aliases: CVE-2015-3271 GHSA-ccjp-w723-2jf2	Exposure of Sensitive Information to an Unauthorized Actor Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.	1.10 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-uyg4-mswu-s3f5 Aliases: CVE-2018-1335 GHSA-9r24-gp44-h3pm	Code Injection From Apache Tika, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.	1.18 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zj8z-ja31-mkcr Aliases: CVE-2022-30973 GHSA-qw3f-w4pf-jh5f	tika-core: incomplete fix for CVE-2022-30126	1.28.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T02:39:19.623507+00:00	GitLab Importer	Affected by	VCID-8qc9-3mxe-8ydp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika-server/CVE-2022-33879.yml	38.6.0
2026-06-06T02:34:36.567933+00:00	GitLab Importer	Affected by	VCID-zj8z-ja31-mkcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika-server/CVE-2022-30973.yml	38.6.0
2026-06-04T20:48:02.759692+00:00	GitLab Importer	Affected by	VCID-42ad-sh45-7fev	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika-server/CVE-2021-28657.yml	38.6.0
2026-06-04T20:16:09.141067+00:00	GitLab Importer	Affected by	VCID-hvfw-yh4j-cqfm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika-server/CVE-2015-3271.yml	38.6.0
2026-06-04T20:11:56.641181+00:00	GitLab Importer	Affected by	VCID-uyg4-mswu-s3f5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tika/tika-server/CVE-2018-1335.yml	38.6.0