CVE-2019-10093
MEDIUM
Apache Tika 1.19-1.21 - Denial of Service via Crafted 2003ml or 2006ml File
Title source: llm
Description
In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.
References (8)
Core References
Mailing List x_refsource_confirm
https://lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21%40%3Cdev.tika.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190828-0004/
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2020.html
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2020.html
Scores
CVSS v3
6.5
EPSS
0.0142
EPSS Percentile
80.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (2)
apache/tika
1.19 - 1.21
org.apache.tika/tika-parsers
1.19 - 1.22 (Maven)
Published
Aug 02, 2019
Tracked Since
Feb 18, 2026