[ https://issues.apache.org/jira/browse/FLINK-31800?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712257#comment-17712257 ]
Martijn Visser edited comment on FLINK-31800 at 4/14/23 12:39 PM: ------------------------------------------------------------------ [~satanicmechanic] I would recommend to first check if this dependency is really bundled with Flink. When running a {{mvn dependency:tree}}, there's no occurrence of tika anywhere as a (transitive) dependency. was (Author: martijnvisser): [~satanicmechanic] I would recommend to first check if this dependency is really bundled with Flink. When running a {mvn dependency:tree}, there's no occurrence of tika anywhere as a (transitive) dependency. > Update tika to current > ---------------------- > > Key: FLINK-31800 > URL: https://issues.apache.org/jira/browse/FLINK-31800 > Project: Flink > Issue Type: Technical Debt > Affects Versions: 1.17.0 > Reporter: Morey Straus > Priority: Major > Labels: security > > Multiple vulns in org.apache.tika:tika-core-1.28.1 > https://nvd.nist.gov/vuln/detail/CVE-2022-30126 > https://nvd.nist.gov/vuln/detail/CVE-2022-30973 > https://nvd.nist.gov/vuln/detail/CVE-2022-30126 > https://nvd.nist.gov/vuln/detail/CVE-2022-25169 -- This message was sent by Atlassian Jira (v8.20.10#820010)