advisory-database icon indicating copy to clipboard operation
advisory-database copied to clipboard
verified publisher icon github

[GHSA-9r24-gp44-h3pm] High severity vulnerability that affects org.apache.tika:tika-core

Open MarkLee131 opened this issue 1 year ago • 1 comments

Updates

  • References
  • Source code location

Comments Add a patch https://github.com/apache/tika/commit/d1bc09386405d28d6b0f0a29ce8c3e7efd72d6c7, of which the commit message claims fix potential resource leak, continued

Add a patch https://github.com/apache/tika/commit/4fdc51a40bf9532d7db57d0b08c1aec3931468ad, of which the commit message claims followup fix

Add a patch https://github.com/apache/tika/commit/e82c2efd2b1ac731b6954634741b70ecf0ed6f01, of which the commit message claims fix potential resource leak

Add a patch https://github.com/apache/tika/commit/302f22aff7a836868b270038e1d66002a2004869, of which the commit message claims fix readUE7

Add a patch https://github.com/apache/tika/commit/ffb48dd29d0c2009490caefda75e5b57c7958c51, of which the commit message claims fix chm parser

Add a patch https://github.com/apache/tika/commit/5d983aad0b68a228f180686a4135ed8c7cd589f1, of which the commit message claims fix chm; remove println

Add a patch https://github.com/apache/tika/commit/b2d3932b847a171a85e356aa230af461a0f80d91, of which the commit message claims fix potential resource leak

MarkLee131 avatar Mar 04 '24 04:03 MarkLee131

Hey @MarkLee131, this advisory seems to be talking about command injection and not resource leaks. Can you elaborate on why you think these commits are related?

darakian avatar Mar 04 '24 21:03 darakian

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

taladrane avatar Mar 22 '24 00:03 taladrane

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

taladrane avatar Apr 08 '24 00:04 taladrane