Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.tika/tika-parsers@0.1

Type maven

Namespace org.apache.tika

Name tika-parsers

Version 0.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.4.1

Latest_non_vulnerable_version 2.4.1

Affected_by_vulnerabilities

url VCID-98bu-vqgb-x7a8

vulnerability_id VCID-98bu-vqgb-x7a8

summary

Improper Restriction of XML External Entity Reference
In Apache Tika, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a DoS.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11761.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11761.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11761

reference_id

reference_type

scores

value	0.11027
scoring_system	epss
scoring_elements	0.93582
published_at	2026-06-08T12:55:00Z

value	0.11027
scoring_system	epss
scoring_elements	0.93584
published_at	2026-06-05T12:55:00Z

value	0.11027
scoring_system	epss
scoring_elements	0.93574
published_at	2026-06-04T12:55:00Z

value	0.11027
scoring_system	epss
scoring_elements	0.93585
published_at	2026-06-06T12:55:00Z

value	0.11027
scoring_system	epss
scoring_elements	0.93583
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11761

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11761
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11761

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63
reference_id
reference_type
scores
url	https://github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63

reference_url

https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E

reference_url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

http://www.securityfocus.com/bid/105514

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105514

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1632462
reference_id	1632462
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1632462

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11761

reference_id

CVE-2018-11761

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11761

reference_url

https://github.com/advisories/GHSA-6jq2-789q-fff2

reference_id

GHSA-6jq2-789q-fff2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6jq2-789q-fff2

fixed_packages

url pkg:maven/org.apache.tika/tika-parsers@1.19

purl pkg:maven/org.apache.tika/tika-parsers@1.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2yxn-wffn-x7gr

vulnerability	VCID-42ad-sh45-7fev

vulnerability	VCID-8qc9-3mxe-8ydp

vulnerability	VCID-c7gc-egj2-2yb9

vulnerability	VCID-q319-5s6s-aqab

vulnerability	VCID-yetb-gykm-nyhf

vulnerability	VCID-yt8m-g5bf-wkf7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19

aliases CVE-2018-11761, GHSA-6jq2-789q-fff2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98bu-vqgb-x7a8

url VCID-c7gc-egj2-2yb9

vulnerability_id VCID-c7gc-egj2-2yb9

summary

Improper Restriction of XML External Entity Reference
Tika reuses SAXParsers and calls `reset()` after each parse; the parser ignores entity expansion limits after the first parse.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:3892

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3892

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11796.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11796.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11796

reference_id

reference_type

scores

value	0.0394
scoring_system	epss
scoring_elements	0.88566
published_at	2026-06-07T12:55:00Z

value	0.0394
scoring_system	epss
scoring_elements	0.88547
published_at	2026-06-04T12:55:00Z

value	0.0394
scoring_system	epss
scoring_elements	0.88565
published_at	2026-06-08T12:55:00Z

value	0.0394
scoring_system	epss
scoring_elements	0.88567
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11796

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/tika

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tika

reference_url

https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20190903-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190903-0002

reference_url	https://security.netapp.com/advisory/ntap-20190903-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190903-0002/

reference_url

http://www.securityfocus.com/bid/105585

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105585

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1639090
reference_id	1639090
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1639090

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11796

reference_id

CVE-2018-11796

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11796

reference_url

https://github.com/advisories/GHSA-h8q5-g2cj-qr5h

reference_id

GHSA-h8q5-g2cj-qr5h

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-h8q5-g2cj-qr5h

fixed_packages

url pkg:maven/org.apache.tika/tika-parsers@1.19.1

purl pkg:maven/org.apache.tika/tika-parsers@1.19.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2yxn-wffn-x7gr

vulnerability	VCID-42ad-sh45-7fev

vulnerability	VCID-8qc9-3mxe-8ydp

vulnerability	VCID-q319-5s6s-aqab

vulnerability	VCID-yetb-gykm-nyhf

vulnerability	VCID-yt8m-g5bf-wkf7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@1.19.1

aliases CVE-2018-11796, GHSA-h8q5-g2cj-qr5h

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c7gc-egj2-2yb9

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tika/tika-parsers@0.1

Package Instance