Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 5.4.1, 6.6
    • None
    • None
    • None

    Description

      "Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization."

      A few links:
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6809
      https://nvd.nist.gov/vuln/detail/CVE-2016-6809

      ******************

      This was originally reported by my employer's Security Analysis team.

      We are still on Solr 5.4.1. It would be good to know that this security issue could be fixed with an eventual Solr upgrade.

          Activity

            tflobbe Tomas Eduardo Fernandez Lobbe added a comment - Thanks for reporting Isabelle, there is already a Jira issue for this upgrade. Feel free to comment there.

            igiguere Isabelle Giguere added a comment - Sorry for the duplicate, and thanks for the links. I didn't see it in my search results.

            People

              Unassigned Unassigned
              igiguere Isabelle Giguere