Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.tika/tika-core@0.9
Typemaven
Namespaceorg.apache.tika
Nametika-core
Version0.9
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.22
Latest_non_vulnerable_version3.2.2
Affected_by_vulnerabilities
0
url VCID-1111-je65-yub2
vulnerability_id VCID-1111-je65-yub2
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `BPGParser`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1338
reference_id
reference_type
scores
0
value 0.03002
scoring_system epss
scoring_elements 0.86808
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1338
2
reference_url https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1338
reference_id CVE-2018-1338
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1338
4
reference_url https://github.com/advisories/GHSA-5mf7-26mw-3rqr
reference_id GHSA-5mf7-26mw-3rqr
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5mf7-26mw-3rqr
fixed_packages
0
url pkg:maven/org.apache.tika/tika-core@1.18
purl pkg:maven/org.apache.tika/tika-core@1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a1m-8b52-67e4
1
vulnerability VCID-afue-mktt-8bdd
2
vulnerability VCID-fs97-qjcb-4uhq
3
vulnerability VCID-hkxq-6qn6-qbar
4
vulnerability VCID-htes-xvfq-fkdt
5
vulnerability VCID-qmb4-tez4-zyaz
6
vulnerability VCID-uebs-ergb-kqet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.18
aliases CVE-2018-1338, GHSA-5mf7-26mw-3rqr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1111-je65-yub2
1
url VCID-afue-mktt-8bdd
vulnerability_id VCID-afue-mktt-8bdd
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11761
reference_id
reference_type
scores
0
value 0.11027
scoring_system epss
scoring_elements 0.93557
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11761
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63
3
reference_url https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
5
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
6
reference_url http://www.securityfocus.com/bid/105514
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105514
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11761
reference_id CVE-2018-11761
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11761
8
reference_url https://github.com/advisories/GHSA-6jq2-789q-fff2
reference_id GHSA-6jq2-789q-fff2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6jq2-789q-fff2
fixed_packages
0
url pkg:maven/org.apache.tika/tika-core@1.19.1
purl pkg:maven/org.apache.tika/tika-core@1.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a1m-8b52-67e4
1
vulnerability VCID-fs97-qjcb-4uhq
2
vulnerability VCID-htes-xvfq-fkdt
3
vulnerability VCID-weue-en6t-7uam
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.19.1
aliases CVE-2018-11761, GHSA-6jq2-789q-fff2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afue-mktt-8bdd
2
url VCID-aqyj-2h89-pkcy
vulnerability_id VCID-aqyj-2h89-pkcy
summary 
Improper Restriction of XML External Entity Reference
Apache Tika does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-0248.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0248.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2017-0249.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0249.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2017-0272.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2017-0272.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4434
reference_id
reference_type
scores
0
value 0.00415
scoring_system epss
scoring_elements 0.61936
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4434
4
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
5
reference_url https://mail-archives.apache.org/mod_mbox/tika-dev/201605.mbox/%3C1705136517.1175366.1464278135251.JavaMail.yahoo%40mail.yahoo.com%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://mail-archives.apache.org/mod_mbox/tika-dev/201605.mbox/%3C1705136517.1175366.1464278135251.JavaMail.yahoo%40mail.yahoo.com%3E
6
reference_url http://www.securityfocus.com/archive/1/538500/100/0/threaded
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/538500/100/0/threaded
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825501
reference_id 825501
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825501
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4434
reference_id CVE-2016-4434
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4434
9
reference_url https://github.com/advisories/GHSA-4xr4-4c65-hj7f
reference_id GHSA-4xr4-4c65-hj7f
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4xr4-4c65-hj7f
fixed_packages
0
url pkg:maven/org.apache.tika/tika-core@1.13
purl pkg:maven/org.apache.tika/tika-core@1.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1111-je65-yub2
1
vulnerability VCID-2a1m-8b52-67e4
2
vulnerability VCID-63dx-psvd-syg3
3
vulnerability VCID-afue-mktt-8bdd
4
vulnerability VCID-azes-yhcs-cuen
5
vulnerability VCID-fs97-qjcb-4uhq
6
vulnerability VCID-hkxq-6qn6-qbar
7
vulnerability VCID-htes-xvfq-fkdt
8
vulnerability VCID-hyu9-rzgz-1yhw
9
vulnerability VCID-qmb4-tez4-zyaz
10
vulnerability VCID-tepz-p727-b3ak
11
vulnerability VCID-uebs-ergb-kqet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.13
aliases CVE-2016-4434, GHSA-4xr4-4c65-hj7f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aqyj-2h89-pkcy
3
url VCID-azes-yhcs-cuen
vulnerability_id VCID-azes-yhcs-cuen
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6809
reference_id
reference_type
scores
0
value 0.07049
scoring_system epss
scoring_elements 0.91629
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6809
1
reference_url https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt
2
reference_url http://seclists.org/bugtraq/2016/Nov/40
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://seclists.org/bugtraq/2016/Nov/40
3
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
4
reference_url https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/8a68b5d474205cc91cbbb610d4a1c05af57f0610
5
reference_url https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a@%3Cdev.nutch.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9@%3Cuser.nutch.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78@%3Cdev.lucene.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6@%3Cissues.lucene.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f@%3Cissues.lucene.apache.org%3E
10
reference_url http://www.securityfocus.com/bid/94247
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94247
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6809
reference_id CVE-2016-6809
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6809
12
reference_url https://github.com/advisories/GHSA-j8g6-2wh7-6439
reference_id GHSA-j8g6-2wh7-6439
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-j8g6-2wh7-6439
fixed_packages
0
url pkg:maven/org.apache.tika/tika-core@1.14
purl pkg:maven/org.apache.tika/tika-core@1.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1111-je65-yub2
1
vulnerability VCID-2a1m-8b52-67e4
2
vulnerability VCID-63dx-psvd-syg3
3
vulnerability VCID-afue-mktt-8bdd
4
vulnerability VCID-fs97-qjcb-4uhq
5
vulnerability VCID-hkxq-6qn6-qbar
6
vulnerability VCID-htes-xvfq-fkdt
7
vulnerability VCID-qmb4-tez4-zyaz
8
vulnerability VCID-tepz-p727-b3ak
9
vulnerability VCID-uebs-ergb-kqet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.14
aliases CVE-2016-6809, GHSA-j8g6-2wh7-6439
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azes-yhcs-cuen
4
url VCID-hkxq-6qn6-qbar
vulnerability_id VCID-hkxq-6qn6-qbar
summary 
Improper Restriction of XML External Entity Reference
Tika reuses SAXParsers and calls `reset()` after each parse; the parser ignores entity expansion limits after the first parse.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11796
reference_id
reference_type
scores
0
value 0.0394
scoring_system epss
scoring_elements 0.88537
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11796
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
4
reference_url https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
5
reference_url https://security.netapp.com/advisory/ntap-20190903-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190903-0002
6
reference_url https://security.netapp.com/advisory/ntap-20190903-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190903-0002/
7
reference_url http://www.securityfocus.com/bid/105585
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105585
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11796
reference_id CVE-2018-11796
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11796
9
reference_url https://github.com/advisories/GHSA-h8q5-g2cj-qr5h
reference_id GHSA-h8q5-g2cj-qr5h
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h8q5-g2cj-qr5h
fixed_packages
0
url pkg:maven/org.apache.tika/tika-core@1.19.1
purl pkg:maven/org.apache.tika/tika-core@1.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a1m-8b52-67e4
1
vulnerability VCID-fs97-qjcb-4uhq
2
vulnerability VCID-htes-xvfq-fkdt
3
vulnerability VCID-weue-en6t-7uam
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.19.1
aliases CVE-2018-11796, GHSA-h8q5-g2cj-qr5h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkxq-6qn6-qbar
5
url VCID-qmb4-tez4-zyaz
vulnerability_id VCID-qmb4-tez4-zyaz
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11762
reference_id
reference_type
scores
0
value 0.00866
scoring_system epss
scoring_elements 0.75451
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11762
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/apache/tika/commit/a09d853dbed712f644e274b497cce254f3189d57
reference_id
reference_type
scores
url https://github.com/apache/tika/commit/a09d853dbed712f644e274b497cce254f3189d57
3
reference_url https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b@%3Cdev.tika.apache.org%3E
4
reference_url http://www.securityfocus.com/bid/105515
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105515
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11762
reference_id CVE-2018-11762
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11762
6
reference_url https://github.com/advisories/GHSA-w6g3-v46q-5p28
reference_id GHSA-w6g3-v46q-5p28
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w6g3-v46q-5p28
fixed_packages
0
url pkg:maven/org.apache.tika/tika-core@1.19
purl pkg:maven/org.apache.tika/tika-core@1.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a1m-8b52-67e4
1
vulnerability VCID-afue-mktt-8bdd
2
vulnerability VCID-fs97-qjcb-4uhq
3
vulnerability VCID-hkxq-6qn6-qbar
4
vulnerability VCID-htes-xvfq-fkdt
5
vulnerability VCID-weue-en6t-7uam
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.19
aliases CVE-2018-11762, GHSA-w6g3-v46q-5p28
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmb4-tez4-zyaz
6
url VCID-tepz-p727-b3ak
vulnerability_id VCID-tepz-p727-b3ak
summary 
Loop with Unreachable Exit Condition (Infinite Loop)
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika `ChmParser`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1339
reference_id
reference_type
scores
0
value 0.04517
scoring_system epss
scoring_elements 0.89328
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1339
2
reference_url https://github.com/apache/tika
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika
3
reference_url https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/tika/commit/1b6ca3685c196cfd89f5f95c19cc919ce10c5aff#diff-43f8cbe58aaab159ce88bd95fafc46dd
4
reference_url https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000
reference_id 900000
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900000
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1339
reference_id CVE-2018-1339
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1339
7
reference_url https://github.com/advisories/GHSA-p699-3wgc-7h72
reference_id GHSA-p699-3wgc-7h72
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p699-3wgc-7h72
fixed_packages
0
url pkg:maven/org.apache.tika/tika-core@1.18
purl pkg:maven/org.apache.tika/tika-core@1.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2a1m-8b52-67e4
1
vulnerability VCID-afue-mktt-8bdd
2
vulnerability VCID-fs97-qjcb-4uhq
3
vulnerability VCID-hkxq-6qn6-qbar
4
vulnerability VCID-htes-xvfq-fkdt
5
vulnerability VCID-qmb4-tez4-zyaz
6
vulnerability VCID-uebs-ergb-kqet
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@1.18
aliases CVE-2018-1339, GHSA-p699-3wgc-7h72
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tepz-p727-b3ak
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-core@0.9