CVE-2022-30126

Summary

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache TikaApache Tika <= 1.28.1affected

Weaknesses

  • Denial of Service

Workarounds

Upgrade to 1.28.2 or 2.4.0

ADP Enrichment

CVE Program Container

Additional References

References