Solr / SOLR-10895

Upgrade to Tika 1.14

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 5.4.1, 6.6
    • Fix Version/s: None
    • Component/s: None
    • Labels: None

      Description

      "Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization."

      A few links:
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6809
      https://nvd.nist.gov/vuln/detail/CVE-2016-6809

      ******************

      This was originally reported by my employer's Security Analysis team.

      We are still on Solr 5.4.1. It would be good to know that this security issue could be fixed with an eventual Solr upgrade.

              People

              • Assignee: Unassigned
              • Reporter: igiguere Isabelle Giguere