Uploaded image for project: 'James Server'
  1. James Server
  2. JAMES-2634

Tika 1.19.x is vulnerable to CVE-2017-17197

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.3.0
    • Component/s: None

      Description

      [CVE-2018-17197] Apache Tika Denial of Service – Infinite Loop in Tika's SQLite3Parser

      A carefully crafted or corrupt sqlite file can cause an infinite loop
      in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.

      Thus we should recommend using Tika up version 1.20 in James documentation and rely on this version in our tests.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              btellier Benoit Tellier
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: