Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/55713?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/55713?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.13", "type": "maven", "namespace": "org.apache.tika", "name": "tika-core", "version": "1.13", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.22", "latest_non_vulnerable_version": "3.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12295?format=api", "vulnerability_id": "VCID-1111-je65-yub2", "summary": "Loop with Unreachable Exit Condition (Infinite Loop)\nA carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `BPGParser`.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2669", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03002", "scoring_system": "epss", "scoring_elements": "0.86808", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1338" }, { "reference_url": "https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1338", "reference_id": "CVE-2018-1338", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1338" }, { "reference_url": "https://github.com/advisories/GHSA-5mf7-26mw-3rqr", "reference_id": "GHSA-5mf7-26mw-3rqr", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mf7-26mw-3rqr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55692?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a1m-8b52-67e4" }, { "vulnerability": "VCID-afue-mktt-8bdd" }, { "vulnerability": "VCID-fs97-qjcb-4uhq" }, { "vulnerability": "VCID-hkxq-6qn6-qbar" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-qmb4-tez4-zyaz" }, { "vulnerability": "VCID-uebs-ergb-kqet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.18" } ], "aliases": [ "CVE-2018-1338", "GHSA-5mf7-26mw-3rqr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1111-je65-yub2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/136358?format=api", "vulnerability_id": "VCID-2a1m-8b52-67e4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00546", "scoring_system": "epss", "scoring_elements": "0.68126", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10094" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933746", "reference_id": "933746", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933746" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10094", "reference_id": "CVE-2019-10094", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10094" }, { "reference_url": "https://github.com/advisories/GHSA-mm7m-xg4h-6m52", "reference_id": "GHSA-mm7m-xg4h-6m52", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mm7m-xg4h-6m52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74189?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.22" } ], "aliases": [ "CVE-2019-10094", "GHSA-mm7m-xg4h-6m52" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2a1m-8b52-67e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9796?format=api", "vulnerability_id": "VCID-63dx-psvd-syg3", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3140", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93876", "scoring_system": "epss", "scoring_elements": "0.99879", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1335" }, { "reference_url": "https://github.com/apache/tika/commit/302f22aff7a836868b270038e1d66002a2004869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/302f22aff7a836868b270038e1d66002a2004869" }, { "reference_url": "https://github.com/apache/tika/commit/4fdc51a40bf9532d7db57d0b08c1aec3931468ad", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/4fdc51a40bf9532d7db57d0b08c1aec3931468ad" }, { "reference_url": "https://github.com/apache/tika/commit/5d983aad0b68a228f180686a4135ed8c7cd589f1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/5d983aad0b68a228f180686a4135ed8c7cd589f1" }, { "reference_url": "https://github.com/apache/tika/commit/b2d3932b847a171a85e356aa230af461a0f80d91", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/b2d3932b847a171a85e356aa230af461a0f80d91" }, { "reference_url": "https://github.com/apache/tika/commit/d1bc09386405d28d6b0f0a29ce8c3e7efd72d6c7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/d1bc09386405d28d6b0f0a29ce8c3e7efd72d6c7" }, { "reference_url": "https://github.com/apache/tika/commit/e82c2efd2b1ac731b6954634741b70ecf0ed6f01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/e82c2efd2b1ac731b6954634741b70ecf0ed6f01" }, { "reference_url": "https://github.com/apache/tika/commit/ffb48dd29d0c2009490caefda75e5b57c7958c51", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/ffb48dd29d0c2009490caefda75e5b57c7958c51" }, { "reference_url": "https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://www.exploit-db.com/exploits/46540", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46540" }, { "reference_url": "https://www.exploit-db.com/exploits/46540/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46540/" }, { "reference_url": "http://www.securityfocus.com/bid/104001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/104001" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/46540.py", "reference_id": "CVE-2018-1335", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/46540.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/47208.rb", "reference_id": "CVE-2018-1335", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/47208.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1335", "reference_id": "CVE-2018-1335", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1335" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/apache_tika_jp2_jscript.rb", "reference_id": "CVE-2018-1335", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/apache_tika_jp2_jscript.rb" }, { "reference_url": "https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/", "reference_id": "CVE-2018-1335", "reference_type": "exploit", "scores": [], "url": "https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/" }, { "reference_url": "https://github.com/advisories/GHSA-9r24-gp44-h3pm", "reference_id": "GHSA-9r24-gp44-h3pm", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9r24-gp44-h3pm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55692?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a1m-8b52-67e4" }, { "vulnerability": "VCID-afue-mktt-8bdd" }, { "vulnerability": "VCID-fs97-qjcb-4uhq" }, { "vulnerability": "VCID-hkxq-6qn6-qbar" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-qmb4-tez4-zyaz" }, { "vulnerability": "VCID-uebs-ergb-kqet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.18" } ], "aliases": [ "CVE-2018-1335", "GHSA-9r24-gp44-h3pm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63dx-psvd-syg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9936?format=api", "vulnerability_id": "VCID-afue-mktt-8bdd", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11027", "scoring_system": "epss", "scoring_elements": "0.93557", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11761" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63" }, { "reference_url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "http://www.securityfocus.com/bid/105514", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105514" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11761", "reference_id": "CVE-2018-11761", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11761" }, { "reference_url": "https://github.com/advisories/GHSA-6jq2-789q-fff2", "reference_id": "GHSA-6jq2-789q-fff2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6jq2-789q-fff2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55679?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.19.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a1m-8b52-67e4" }, { "vulnerability": "VCID-fs97-qjcb-4uhq" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-weue-en6t-7uam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.19.1" } ], "aliases": [ "CVE-2018-11761", "GHSA-6jq2-789q-fff2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afue-mktt-8bdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10191?format=api", "vulnerability_id": "VCID-azes-yhcs-cuen", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07049", "scoring_system": "epss", "scoring_elements": "0.91629", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6809" }, { "reference_url": "https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt" }, { "reference_url": "http://seclists.org/bugtraq/2016/Nov/40", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/bugtraq/2016/Nov/40" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610" }, { "reference_url": "https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E" }, { "reference_url": "http://www.securityfocus.com/bid/94247", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94247" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6809", "reference_id": "CVE-2016-6809", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6809" }, { "reference_url": "https://github.com/advisories/GHSA-j8g6-2wh7-6439", "reference_id": "GHSA-j8g6-2wh7-6439", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j8g6-2wh7-6439" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55715?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1111-je65-yub2" }, { "vulnerability": "VCID-2a1m-8b52-67e4" }, { "vulnerability": "VCID-63dx-psvd-syg3" }, { "vulnerability": "VCID-afue-mktt-8bdd" }, { "vulnerability": "VCID-fs97-qjcb-4uhq" }, { "vulnerability": "VCID-hkxq-6qn6-qbar" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-qmb4-tez4-zyaz" }, { "vulnerability": "VCID-tepz-p727-b3ak" }, { "vulnerability": "VCID-uebs-ergb-kqet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.14" } ], "aliases": [ "CVE-2016-6809", "GHSA-j8g6-2wh7-6439" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azes-yhcs-cuen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/136353?format=api", "vulnerability_id": "VCID-fs97-qjcb-4uhq", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00989", "scoring_system": "epss", "scoring_elements": "0.77166", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/1c63555609b737c20d1bbfa4a3e73ec488e3408a84e2f5e47e1b7e08@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190828-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190828-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190828-0004/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933744", "reference_id": "933744", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933744" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10088", "reference_id": "CVE-2019-10088", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10088" }, { "reference_url": "https://github.com/advisories/GHSA-mfwh-gqx8-c787", "reference_id": "GHSA-mfwh-gqx8-c787", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mfwh-gqx8-c787" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74189?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.22" } ], "aliases": [ "CVE-2019-10088", "GHSA-mfwh-gqx8-c787" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fs97-qjcb-4uhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12973?format=api", "vulnerability_id": "VCID-hkxq-6qn6-qbar", "summary": "Improper Restriction of XML External Entity Reference\nTika reuses SAXParsers and calls `reset()` after each parse; the parser ignores entity expansion limits after the first parse.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0394", "scoring_system": "epss", "scoring_elements": "0.88537", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190903-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190903-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190903-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190903-0002/" }, { "reference_url": "http://www.securityfocus.com/bid/105585", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105585" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11796", "reference_id": "CVE-2018-11796", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11796" }, { "reference_url": "https://github.com/advisories/GHSA-h8q5-g2cj-qr5h", "reference_id": "GHSA-h8q5-g2cj-qr5h", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h8q5-g2cj-qr5h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55679?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.19.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a1m-8b52-67e4" }, { "vulnerability": "VCID-fs97-qjcb-4uhq" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-weue-en6t-7uam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.19.1" } ], "aliases": [ "CVE-2018-11796", "GHSA-h8q5-g2cj-qr5h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hkxq-6qn6-qbar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9765?format=api", "vulnerability_id": "VCID-htes-xvfq-fkdt", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03108", "scoring_system": "epss", "scoring_elements": "0.87048", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17197" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika/commit/0c49c851979163334ea05cbebdd11ff87feba62d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/0c49c851979163334ea05cbebdd11ff87feba62d" }, { "reference_url": "https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/7c021a4ea2037e52e74628e17e8e0e2acab1f447160edc8be0eae6d3@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "http://www.securityfocus.com/bid/106293", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106293" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17197", "reference_id": "CVE-2018-17197", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17197" }, { "reference_url": "https://github.com/advisories/GHSA-3448-vfvv-xp9g", "reference_id": "GHSA-3448-vfvv-xp9g", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3448-vfvv-xp9g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56231?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a1m-8b52-67e4" }, { "vulnerability": "VCID-fs97-qjcb-4uhq" }, { "vulnerability": "VCID-weue-en6t-7uam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.20" } ], "aliases": [ "CVE-2018-17197", "GHSA-3448-vfvv-xp9g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htes-xvfq-fkdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21756?format=api", "vulnerability_id": "VCID-hyu9-rzgz-1yhw", "summary": "Apache Tika has XXE vulnerability\nCritical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.\n\nThis CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways.\n\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.\n\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \"org.apache.tika:tika-parsers\" module.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66516.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66516.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66516", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.8188", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66516" }, { "reference_url": "https://cve.org/CVERecord?id=CVE-2025-54988", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-15T04:56:02Z/" } ], "url": "https://cve.org/CVERecord?id=CVE-2025-54988" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-15T04:56:02Z/" } ], "url": "https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121954", "reference_id": "1121954", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121954" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418870", "reference_id": "2418870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418870" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66516", "reference_id": "CVE-2025-66516", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66516" }, { "reference_url": "https://github.com/advisories/GHSA-f58c-gq56-vjjf", "reference_id": "GHSA-f58c-gq56-vjjf", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f58c-gq56-vjjf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23143", "reference_id": "RHSA-2025:23143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23225", "reference_id": "RHSA-2025:23225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23225" }, { "reference_url": "https://usn.ubuntu.com/8324-1/", "reference_id": "USN-8324-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8324-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71598?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@3.2.2" } ], "aliases": [ "CVE-2025-66516", "GHSA-f58c-gq56-vjjf" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hyu9-rzgz-1yhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10045?format=api", "vulnerability_id": "VCID-qmb4-tez4-zyaz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75451", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11762" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika/commit/a09d853dbed712f644e274b497cce254f3189d57", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tika/commit/a09d853dbed712f644e274b497cce254f3189d57" }, { "reference_url": "https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b@%3Cdev.tika.apache.org%3E" }, { "reference_url": "http://www.securityfocus.com/bid/105515", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105515" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11762", "reference_id": "CVE-2018-11762", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11762" }, { "reference_url": "https://github.com/advisories/GHSA-w6g3-v46q-5p28", "reference_id": "GHSA-w6g3-v46q-5p28", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w6g3-v46q-5p28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55720?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a1m-8b52-67e4" }, { "vulnerability": "VCID-afue-mktt-8bdd" }, { "vulnerability": "VCID-fs97-qjcb-4uhq" }, { "vulnerability": "VCID-hkxq-6qn6-qbar" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-weue-en6t-7uam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.19" } ], "aliases": [ "CVE-2018-11762", "GHSA-w6g3-v46q-5p28" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmb4-tez4-zyaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12292?format=api", "vulnerability_id": "VCID-tepz-p727-b3ak", "summary": "Loop with Unreachable Exit Condition (Infinite Loop)\nA carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `ChmParser`.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2669", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89328", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1339" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd" }, { "reference_url": "https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000", "reference_id": "900000", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1339", "reference_id": "CVE-2018-1339", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1339" }, { "reference_url": "https://github.com/advisories/GHSA-p699-3wgc-7h72", "reference_id": "GHSA-p699-3wgc-7h72", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p699-3wgc-7h72" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55692?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a1m-8b52-67e4" }, { "vulnerability": "VCID-afue-mktt-8bdd" }, { "vulnerability": "VCID-fs97-qjcb-4uhq" }, { "vulnerability": "VCID-hkxq-6qn6-qbar" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-qmb4-tez4-zyaz" }, { "vulnerability": "VCID-uebs-ergb-kqet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.18" } ], "aliases": [ "CVE-2018-1339", "GHSA-p699-3wgc-7h72" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tepz-p727-b3ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9801?format=api", "vulnerability_id": "VCID-uebs-ergb-kqet", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02108", "scoring_system": "epss", "scoring_elements": "0.84383", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/tika", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika" }, { "reference_url": "https://github.com/apache/tika/commit/62926cae31a02d4f23d21148435804b96c543cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/62926cae31a02d4f23d21148435804b96c543cc" }, { "reference_url": "https://github.com/apache/tika/commit/8a6a9e1344f5b10ebfa1a189dc3c30d0da2b9d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tika/commit/8a6a9e1344f5b10ebfa1a189dc3c30d0da2b9d4" }, { "reference_url": "https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E" }, { "reference_url": "http://www.securityfocus.com/bid/105513", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105513" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914643", "reference_id": "914643", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914643" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8017", "reference_id": "CVE-2018-8017", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8017" }, { "reference_url": "https://github.com/advisories/GHSA-j53j-gmr9-h8g3", "reference_id": "GHSA-j53j-gmr9-h8g3", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j53j-gmr9-h8g3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55720?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a1m-8b52-67e4" }, { "vulnerability": "VCID-afue-mktt-8bdd" }, { "vulnerability": "VCID-fs97-qjcb-4uhq" }, { "vulnerability": "VCID-hkxq-6qn6-qbar" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-weue-en6t-7uam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.19" } ], "aliases": [ "CVE-2018-8017", "GHSA-j53j-gmr9-h8g3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uebs-ergb-kqet" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11688?format=api", "vulnerability_id": "VCID-aqyj-2h89-pkcy", "summary": "Improper Restriction of XML External Entity Reference\nApache Tika does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0248.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0248.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0249.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0249.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0272.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0272.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4434", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61936", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4434" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://mail-archives.apache.org/mod_mbox/tika-dev/201605.mbox/%3C1705136517.1175366.1464278135251.JavaMail.yahoo%40mail.yahoo.com%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mail-archives.apache.org/mod_mbox/tika-dev/201605.mbox/%3C1705136517.1175366.1464278135251.JavaMail.yahoo%40mail.yahoo.com%3E" }, { "reference_url": "http://www.securityfocus.com/archive/1/538500/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/archive/1/538500/100/0/threaded" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825501", "reference_id": "825501", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825501" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4434", "reference_id": "CVE-2016-4434", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4434" }, { "reference_url": "https://github.com/advisories/GHSA-4xr4-4c65-hj7f", "reference_id": "GHSA-4xr4-4c65-hj7f", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4xr4-4c65-hj7f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55713?format=api", "purl": "pkg:maven/org.apache.tika/tika-core@1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1111-je65-yub2" }, { "vulnerability": "VCID-2a1m-8b52-67e4" }, { "vulnerability": "VCID-63dx-psvd-syg3" }, { "vulnerability": "VCID-afue-mktt-8bdd" }, { "vulnerability": "VCID-azes-yhcs-cuen" }, { "vulnerability": "VCID-fs97-qjcb-4uhq" }, { "vulnerability": "VCID-hkxq-6qn6-qbar" }, { "vulnerability": "VCID-htes-xvfq-fkdt" }, { "vulnerability": "VCID-hyu9-rzgz-1yhw" }, { "vulnerability": "VCID-qmb4-tez4-zyaz" }, { "vulnerability": "VCID-tepz-p727-b3ak" }, { "vulnerability": "VCID-uebs-ergb-kqet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.13" } ], "aliases": [ "CVE-2016-4434", "GHSA-4xr4-4c65-hj7f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqyj-2h89-pkcy" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.13" }