[ https://issues.apache.org/jira/browse/SOLR-10895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16050872#comment-16050872 ]
Isabelle Giguere commented on SOLR-10895:
-----------------------------------------

Sorry for the duplicate, and thanks for the links. I didn't see it in my search results.

> Upgrade to Tika 1.14
> --------------------
>
> Key: SOLR-10895
> URL: https://issues.apache.org/jira/browse/SOLR-10895
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 5.4.1, 6.6
> Reporter: Isabelle Giguere
>
> "Apache Tika before 1.14 allows Java code execution for serialized objects
> embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do
> native deserialization."
> a few links:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6809
> https://nvd.nist.gov/vuln/detail/CVE-2016-6809
> ******************
> This was originally reported by my employer's Security Analysis team.
> We are still on Solr 5.4.1. It would be good to know that this security
> issue could be fixed with an eventual Solr upgrade.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)