[ https://issues.apache.org/jira/browse/TIKA-3488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466681#comment-17466681 ]
Lewis John McGibbney commented on TIKA-3488: -------------------------------------------- This was fixed in https://github.com/apache/tika/pull/469 > Security issue XXE in TIKA due to JDOM > -------------------------------------- > > Key: TIKA-3488 > URL: https://issues.apache.org/jira/browse/TIKA-3488 > Project: Tika > Issue Type: Task > Components: tika-server > Affects Versions: 1.25 > Reporter: Arvind Jagtap > Assignee: Lewis John McGibbney > Priority: Major > Fix For: 2.2.1 > > > Apache TIKA 1.35 is vulnerable due to dependency on JDOM 2.0.6. Black Duck > Hub has reported this vulnerability CVE-2021-33813 with more detail on the > following page. > [https://nvd.nist.gov/vuln/detail/CVE-2021-33813#range-6782705] > Although the following issue is entered, it is not yet fixed and there is no > timeline given. > https://github.com/hunterhacker/jdom/issues/189 > There are some workaround discussed on this issue. Can this be fixed in TIKA > in the meanwhile? -- This message was sent by Atlassian Jira (v8.20.1#820001)