Description
A carefully crafted or corrupt file may trigger an infinite loop in the MP3Parser of Apache Tika, in versions up to and including 1.25. Apache Tika users should upgrade to 1.26 or later.
Remediation
References
https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
https://security.netapp.com/advisory/ntap-20210507-0004/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html