[jira] [Resolved] (TIKA-3488) Security issue XXE in TIKA due to JDOM

Lewis John McGibbney (Jira) Wed, 29 Dec 2021 20:32:12 -0800


     [ 
https://issues.apache.org/jira/browse/TIKA-3488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Lewis John McGibbney resolved TIKA-3488.
----------------------------------------
    Resolution: Fixed

> Security issue XXE in TIKA due to JDOM
> --------------------------------------
>
>                 Key: TIKA-3488
>                 URL: https://issues.apache.org/jira/browse/TIKA-3488
>             Project: Tika
>          Issue Type: Task
>          Components: tika-server
>    Affects Versions: 1.25
>            Reporter: Arvind Jagtap
>            Assignee: Lewis John McGibbney
>            Priority: Major
>             Fix For: 2.2.1
>
>
> Apache TIKA 1.35 is vulnerable due to dependency on JDOM 2.0.6. Black Duck 
> Hub has reported this vulnerability CVE-2021-33813 with more detail on the 
> following page. 
> [https://nvd.nist.gov/vuln/detail/CVE-2021-33813#range-6782705]
> Although the following issue is entered, it is not yet fixed and there is no 
> timeline given.
> https://github.com/hunterhacker/jdom/issues/189
> There are some workaround discussed on this issue. Can this be fixed in TIKA 
> in the meanwhile?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Resolved] (TIKA-3488) Security issue XXE in TIKA due to JDOM

Reply via email to