You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Tellier Benoit (JIRA)" <se...@james.apache.org> on 2019/01/02 04:28:00 UTC
[jira] [Created] (JAMES-2634) Tika 1.19.x is vulnerable to
CVE-2017-17197
Tellier Benoit created JAMES-2634:
-------------------------------------
Summary: Tika 1.19.x is vulnerable to CVE-2017-17197
Key: JAMES-2634
URL: https://issues.apache.org/jira/browse/JAMES-2634
Project: James Server
Issue Type: New Feature
Reporter: Tellier Benoit
[CVE-2018-17197] Apache Tika Denial of Service -- Infinite Loop in Tika's SQLite3Parser
A carefully crafted or corrupt sqlite file can cause an infinite loop
in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
Thus we should recommend using Tika up version 1.20 in James documentation and rely on this version in our tests.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org