[TIKA-2829] Security Vulnerability in boilerpipe (CVE-2018-16481) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Not A Bug
Affects Version/s: 1.20
Fix Version/s: None
Component/s: parser
Labels:
None

Description

org.apache.tika:tika-parsers:1.20 depending on boilerpipe, which the dependency reflections uses.

https://nvd.nist.gov/vuln/detail/CVE-2018-16481

Current Description

A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.

==========================

[info] de.l3s.boilerpipe:boilerpipe:1.1.0
[info] +-org.apache.tika:tika-parsers:1.20

Attachments

Activity

People

Assignee:: Kenneth William Krugler

Reporter:: Alex LI

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 18/Feb/19 06:17

Updated:: 03/Feb/22 23:01

Resolved:: 03/Feb/22 23:01