The Ibis Adapter Framework is an easy to use, stateless integration framework which allows (transactional) messages to be modified and exchanged between different systems.
Apache License 2.0
CVE-2021-28657 (Medium) detected in tika-parsers-1.14.jar #32
CVE-2021-28657 - Medium Severity Vulnerability
Vulnerable Library - tika-parsers-1.14.jar
Apache Tika is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries.
Library home page: http://www.apache.org
Path to dependency file: /aspose/pom.xml
Path to vulnerable library: /1210151327_OFXRIV/downloadResource_STZRKX/20211210151351/tika-parsers-1.14.jar
Dependency Hierarchy:
- tika-parsers-1.14.jar (Vulnerable Library)
Found in base branch: master
Vulnerability Details
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Publish Date: 2021-03-31
URL: CVE-2021-28657
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
Release Date: 2021-03-31
Fix Resolution: 1.26