Path to dependency file: /genie-agent/build.gradle
Path to vulnerable library: /le/caches/modules-2/files-2.1/org.apache.tika/tika-core/1.20/85888f238720b062c551df5e2a9c943788010e33/tika-core-1.20.jar,/le/caches/modules-2/files-2.1/org.apache.tika/tika-core/1.20/85888f238720b062c551df5e2a9c943788010e33/tika-core-1.20.jar
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.
CVE-2019-10094 - High Severity Vulnerability
This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.
Library home page: http://tika.apache.org/
Path to dependency file: /genie-agent/build.gradle
Path to vulnerable library: /le/caches/modules-2/files-2.1/org.apache.tika/tika-core/1.20/85888f238720b062c551df5e2a9c943788010e33/tika-core-1.20.jar,/le/caches/modules-2/files-2.1/org.apache.tika/tika-core/1.20/85888f238720b062c551df5e2a9c943788010e33/tika-core-1.20.jar
Dependency Hierarchy: - :x: **tika-core-1.20.jar** (Vulnerable Library)
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.
Publish Date: 2019-08-02
URL: CVE-2019-10094
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10093
Release Date: 2019-08-02
Fix Resolution: 1.22