Uploaded image for project: 'Tika'
  1. Tika
  2. TIKA-2885

Vulnerabilities in tika

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 1.21
    • 1.22
    • parser
    • None

    Description

      Whilst trying to build tika parsers, I hit the following vulnerabilities reported:

       

       

      [ERROR] Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.0.4:audit (audit-dependencies) on project tika-parsers: Detected 2 vulnerable components:
      [ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8:compile; https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
      [ERROR] * [CVE-2019-12086] Information Exposure (7.5); https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029
      [ERROR] c3p0:c3p0:jar:0.9.1.1:compile; https://ossindex.sonatype.org/component/pkg:maven/c3p0/c3p0@0.9.1.1
      [ERROR] * [CVE-2019-5427] Resource Management Errors (7.5); https://ossindex.sonatype.org/vuln/d25f4c21-9e76-4fc2-9d73-3770aa3aec56

      Attachments

        Issue Links

          duplicates

          Task - A task that needs to be done. TIKA-2878 Update dependencies for 1.22

          • Major - Major loss of function.
          • Open

          Activity

            People

              Unassigned Unassigned
              ngkmh Kevin Ng
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: