Uploaded image for project: 'Tika'
  1. Tika
  2. TIKA-2561

Tika Parser includes oudated/vulnerable version of JSoup

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.17
    • Fix Version/s: 2.0, 1.18
    • Component/s: parser
    • Labels:
      None

      Description

      org.apache.tika:tika-parsers:1.17 pulls in dependency JSoup 1.7.2.

       

      JSoup versions older than 1.8.3 have a vulnerability in parsing.

       

      https://nvd.nist.gov/vuln/detail/CVE-2015-6748

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              aselamal Asela
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: