CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-33879 – Incomplete fix and new regex DoS in StandardsExtractingContentHandler
https://notcve.org/view.php?id=CVE-2022-33879
27 Jun 2022 — The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. Las correcciones iniciales en CVE-2022-30126 y CVE-2022-30973 para regexes en el StandardsExtractingContentHandler fueron insuficientes, y encontramos un nuevo DoS regex separado en un regex diferente en el StandardsExtractingContentHandler. ... • http://www.openwall.com/lists/oss-security/2022/06/27/5 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30973 – Missing fix for CVE-2022-30126 in 1.28.2
https://notcve.org/view.php?id=CVE-2022-30973
31 May 2022 — We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. No hemos aplicado la corrección de CVE-2022-30126 a la rama 1.x en la versión 1.28.2. • http://www.openwall.com/lists/oss-security/2022/05/31/2 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.5EPSS: 1%CPEs: 7EXPL: 0CVE-2022-30126 – Apache Tika Regular Expression Denial of Service in Standards Extractor
https://notcve.org/view.php?id=CVE-2022-30126
16 May 2022 — In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0 En Apache Tika, una expresión regular en nuestra clase StandardsText, usada por el StandardsExtractingContentHandler podría conllevar a una denegación de servicio causad... • http://www.openwall.com/lists/oss-security/2022/05/16/3 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-25169 – Apache Tika BPGParser Memory Usage DoS
https://notcve.org/view.php?id=CVE-2022-25169
16 May 2022 — The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. El analizador BPG en Apache Tika versiones anteriores a 1.28.2 y 2.4.0, puede asignar una cantidad de memoria no razonable en archivos cuidadosamente diseñados • http://www.openwall.com/lists/oss-security/2022/05/16/4 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2021-33813 – jdom: XXE allows attackers to cause a DoS via a crafted HTTP request
https://notcve.org/view.php?id=CVE-2021-33813
16 Jun 2021 — An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. Un problema de tipo XXE en SAXBuilder en JDOM versiones hasta 2.0.6, permite a atacantes causar una denegación de servicio por medio de una petición HTTP diseñada Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning proble... • https://alephsecurity.com/vulns/aleph-2021003 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2021-28657 – Infinite loop in Apache Tika's MP3 parser
https://notcve.org/view.php?id=CVE-2021-28657
31 Mar 2021 — A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. Un archivo cuidadosamente diseñado o corrupto puede desencadenar un bucle infinito en MP3Parser de Tika versiones hasta Tika 1.25 incluyéndola. Los usuarios de Apache Tika deben actualizar a versión 1.26 o posterior. • https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •