Apache Tika 1.28.2 Incomplete Fix CVE-2022-30126 StandardsText incorrect regex

Summaryinfo

A vulnerability classified as critical was found in Apache Tika 1.28.2. Affected is the function StandardsText of the component Incomplete Fix CVE-2022-30126. Executing a manipulation can lead to incorrect regex. The identification of this vulnerability is CVE-2022-30973. There is no exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in Apache Tika 1.28.2. It has been declared as problematic. This vulnerability affects the function StandardsText of the component Incomplete Fix CVE-2022-30126. The manipulation with an unknown input leads to a incorrect regex vulnerability. The CWE definition for the vulnerability is CWE-185. The product specifies a regular expression in a way that causes data to be improperly matched or compared. As an impact it is known to affect availability.

The weakness was shared 06/01/2022. The advisory is available at lists.apache.org. This vulnerability was named CVE-2022-30973 since 05/17/2022. Technical details are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 237252 (Ubuntu 20.04 LTS / 22.04 LTS : Apache Tika vulnerabilities (USN-7529-1)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 1.28.3 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (237252). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Apache

Name

• Tika

Version

• 1.28.2

License

• open-source

Website

• Vendor: https://www.apache.org/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion