Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incomplete fix and new regex DoS in StandardsExtractingContentHandler
Vulnerability Description
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Tika 安全漏洞
Vulnerability Description
Apache Tika是美国阿帕奇(Apache)基金会的一个集成了POI(使用Java程序对MicrosoftOffice格式文档提供读和写功能的开源函数库)、Pdfbox(读取和创建PDF文档的纯Java类库)并为文本抽取工作提供了统一界面的内容抽取工具集合。 Apache Tika 1.28.4 之前版本和 2.4.1 之前版本存在安全漏洞,该漏洞源于 StandardsExtractingContentHandler 存在正则表达式拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A