Uploaded image for project: 'Tika'
  1. Tika
  2. TIKA-2952

Vulnerable "metadata-extractor 2.11.0" is present in tika 1.22.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.24
    • None
    • None

    Description

      We can see that metadata-extractor with version 2.11.0 is present in tika-bundle 1.22 jar. We can see that even latest metadata-extractor with version 2.12.0 is also vulnerable.

       

      So please confirm your side that "Is this vulnerability [CVE-2019-14262] is impacting to tika or not ?"

      Attachments

        1. TIKA-2952_draft.patch
          13 kB
          Tim Allison

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. TIKA-2956 Stack Overflow issue reported on metadata-extractor used version by Tika

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. TIKA-3051 [Dependency] Buffer Overflow in com.drewnoakes:metadata-extractor 2.11.0

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              tallison Tim Allison
              amanmishra Aman Mishra
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: