You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Tim Allison <ta...@apache.org> on 2019/08/02 11:33:38 UTC
[CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's RecursiveParserWrapper
Title: [CVE-2019-10088] OOM from a crafted Zip File in Apache Tika's
RecursiveParserWrapper
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Apache Tika 1.7 to 1.21
Description:
A carefully crafted or corrupt zip file can cause an OOM in Apache
Tika's RecursiveParserWrapper in versions 1.7-1.21.
Mitigation:
Apache Tika users should upgrade to 1.22 or later.
Credit:
This issue was discovered by RunningSnail.