You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tika.apache.org by "Sachin Tappe (Jira)" <ji...@apache.org> on 2019/12/13 08:58:00 UTC
[jira] [Commented] (TIKA-2952) Vulnerable "metadata-extractor
2.11.0" is present in tika 1.22.
[ https://issues.apache.org/jira/browse/TIKA-2952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16995479#comment-16995479 ]
Sachin Tappe commented on TIKA-2952:
------------------------------------
Hi,
Is this being addressed anytime soon?
> Vulnerable "metadata-extractor 2.11.0" is present in tika 1.22.
> ---------------------------------------------------------------
>
> Key: TIKA-2952
> URL: https://issues.apache.org/jira/browse/TIKA-2952
> Project: Tika
> Issue Type: Bug
> Reporter: Aman Mishra
> Priority: Major
>
> We can see that metadata-extractor with version 2.11.0 is present in tika-bundle 1.22 jar. We can see that even latest metadata-extractor with version 2.12.0 is also vulnerable.
>
> So please confirm your side that "Is this vulnerability [CVE-2019-14262] is impacting to tika or not ?"
--
This message was sent by Atlassian Jira
(v8.3.4#803005)