Apache Tika Vulnerability CVE-2022-33879Issue date: 21-09-2022
Affects versions: 15.1, 14.7, 13.4
Security Issue ID
Affected Product Version(s)
15.1.0, 14.7.8, 13.4.18, and all previous versions
Apache Tika contains incomplete fix for regex DoS The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient. A new separate, regex DoS in a different regex in the StandardsExtractingContentHandler is found.
The problem has been recognized and patched. The fix is available in version 1.28.4 and 2.4.1.
Customers are recommended to upgrade to the latest version. As of the time of writing, 15.1.1, 14.7.9 or 13.4.19