[
https://issues.apache.org/jira/browse/TIKA-1968?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
I-Min Mau updated TIKA-1968:
----------------------------
Description:
We had specifically upgraded the tika jar we use in our Pipe application to
tika-core-1.9.jar, but Veracode static scan still reports the following 3 OS
command injection flaws:
17589 176 - tika-core-1.9.jar org/.../ExternalEmbedder.java 367 4/23/16
17595 177 - tika-core-1.9.jar org/.../ExternalParser.java 178 4/23/16
17593 177 - tika-core-1.9.jar org/.../ExternalParser.java 180 4/23/16
Requesting fix in higher version and/or help us remediate so we can pass our
corporate security reports, thanks!
was:
[~grossws] recently observed on the
[devlist|https://mail-archives.apache.org/mod_mbox/tika-dev/201604.mbox/%3CCALvb29ytzFdOi%3Dx06NTc0DeiY3oN5uZNMNe%3DV9K3ME6r%2B4gzYg%40mail.gmail.com%3E]
that we had some recent API breaking changes to the language detection
component in 1.x=trunk.
We need to add the legacy code back before the 1.13 release.
> Veracode static scan reports 3 very high OS Command injections in
> tika-core-1.9.jar
> -----------------------------------------------------------------------------------
>
> Key: TIKA-1968
> URL: https://issues.apache.org/jira/browse/TIKA-1968
> Project: Tika
> Issue Type: Bug
> Affects Versions: 1.9
> Reporter: I-Min Mau
> Assignee: Tim Allison
>
> We had specifically upgraded the tika jar we use in our Pipe application to
> tika-core-1.9.jar, but Veracode static scan still reports the following 3 OS
> command injection flaws:
> 17589 176 - tika-core-1.9.jar org/.../ExternalEmbedder.java 367 4/23/16
> 17595 177 - tika-core-1.9.jar org/.../ExternalParser.java 178 4/23/16
> 17593 177 - tika-core-1.9.jar org/.../ExternalParser.java 180 4/23/16
> Requesting fix in higher version and/or help us remediate so we can pass our
> corporate security reports, thanks!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
