We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2022-05-31T13:20:10
Updated: 2024-08-03T07:03:40.228Z
Reserved: 2022-05-17T00:00:00
Link: CVE-2022-30973
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-05-31T14:15:07.897
Modified: 2024-11-21T07:03:39.357
Link: CVE-2022-30973
Redhat