[jira] [Created] (TIKA-3488) Security issue XXE in TIKA due to JDOM

Arvind Jagtap (Jira) Wed, 21 Jul 2021 04:19:22 -0700

Arvind Jagtap created TIKA-3488:
-----------------------------------

             Summary: Security issue XXE in TIKA due to JDOM
                 Key: TIKA-3488
                 URL: https://issues.apache.org/jira/browse/TIKA-3488
             Project: Tika
          Issue Type: Bug
          Components: tika-server
    Affects Versions: 1.25
            Reporter: Arvind Jagtap



Apache TIKA 1.35 is vulnerable due to dependency on JDOM 2.0.6. Black Duck Hub 
has reported this vulnerability CVE-2021-33813 with more detail on the 
following page. 

[https://nvd.nist.gov/vuln/detail/CVE-2021-33813#range-6782705]

Although the following issue is entered, it is not yet fixed and there is no 
timeline given.

https://github.com/hunterhacker/jdom/issues/189

There are some workaround discussed on this issue. Can this be fixed in TIKA in 
the meanwhile?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (TIKA-3488) Security issue XXE in TIKA due to JDOM

Reply via email to