CVE-2016-6809 Vulnerability in maven package org.apache.tika:tika-parsers

Description

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

Remediation

References

https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt

http://seclists.org/bugtraq/2016/Nov/40

http://www.securityfocus.com/bid/94247

https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78%40%3Cdev.lucene.apache.org%3E

https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a%40%3Cdev.nutch.apache.org%3E

https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9%40%3Cuser.nutch.apache.org%3E

https://lists.apache.org/thread.html/r2f6f6c130b12b7332f323f74d031072b1517065ce28a22346791ffb6%40%3Cissues.lucene.apache.org%3E

https://lists.apache.org/thread.html/rfd3646bb724b66b1a9ddef69e692da2b7a727a8799551c78eedf0a0f%40%3Cissues.lucene.apache.org%3E

Related Vulnerabilities

CVE-2021-3827 Vulnerability in maven package org.keycloak:keycloak-saml-core

CVE-2020-17519 Vulnerability in maven package org.apache.flink:flink-runtime_2.12

CVE-2022-43427 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test

CVE-2019-11343 Vulnerability in maven package org.torpedoquery:org.torpedoquery

CVE-2017-15691 Vulnerability in maven package org.apache.uima:uimafit

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H