Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Not A Bug
-
1.20
-
None
-
None
Description
org.apache.tika:tika-parsers:1.20 depending on boilerpipe, which the dependency reflections uses.
https://nvd.nist.gov/vuln/detail/CVE-2018-16481
Current Description
A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.
==========================
[info] de.l3s.boilerpipe:boilerpipe:1.1.0
[info] +-org.apache.tika:tika-parsers:1.20