Details
- Improvement
- Status: Resolved
- Major
- Resolution: Duplicate
- 5.4.1, 6.6
- None
- None
- None
Description
"Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization."
A few links:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6809
https://nvd.nist.gov/vuln/detail/CVE-2016-6809
******************
This was originally reported by my employer's Security Analysis team.
We are still on Solr 5.4.1. It would be good to know that this security issue could be fixed with an eventual Solr upgrade.
Issue Links
- duplicates
  - SOLR-9552 Upgrade to Tika 1.14 when available (Resolved)
  - SOLR-10335 Upgrade to Tika 1.16 when available (Closed)
Thanks for reporting, Isabelle. There is already a Jira issue for this upgrade. Feel free to comment there.