We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-05-31T13:20:10

Updated: 2024-08-03T07:03:40.228Z

Reserved: 2022-05-17T00:00:00

Link: CVE-2022-30973

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-05-31T14:15:07.897

Modified: 2024-11-21T07:03:39.357

Link: CVE-2022-30973

cve-icon Redhat

Severity : Low

Publid Date: 2022-05-31T00:00:00Z

Links: CVE-2022-30973 - Bugzilla