CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2016-6809
https://notcve.org/view.php?id=CVE-2016-6809
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization. Apache Tika en versiones anteriores a 1.14 permite la ejecución de código Java para objetos serializados incrustados en archivos MATLAB. El problema existe porque Tika invoca JMatIO para hacer la deserialización nativa. • http://seclists.org/bugtraq/2016/Nov/40 http://www.securityfocus.com/bid/94247 https://dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt https://lists.apache.org/thread.html/91eb639ef619b9a26b40020ca6732e7dbe457f7322ed5f1df49e411a%40%3Cdev.nutch.apache.org%3E https://lists.apache.org/thread.html/d2375da29d89e679abf5d845db76d6f798fdc6f7d44f2c788e8a0fb9%40%3Cuser.nutch.apache.org%3E https://lists.apache.org/thread.html/e414754a6c57ce7194b731e211cd6b2cbb41f2c7000e3fb9c6b6ec78%40%3Cdev.lucene.apache.org%3E https://lists.apache.org/ • CWE-502: Deserialization of Untrusted Data •