Alex LI created TIKA-2829:
-----------------------------
Summary: Security Vulnerability in boilerpipe (CVE-2018-16481)
Key: TIKA-2829
URL: https://issues.apache.org/jira/browse/TIKA-2829
Project: Tika
Issue Type: Bug
Components: parser
Affects Versions: 1.20
Reporter: Alex LI
org.apache.tika:tika-parsers:1.20 depends on boilerpipe, which the dependency
reflections uses.
[https://nvd.nist.gov/vuln/detail/CVE-2018-16481]
h3. Current Description
An XSS vulnerability was found in html-page <=2.1.1 that allows malicious
JavaScript code to be executed in the user's browser due to the absence of
sanitization of the paths before rendering.
==========================
[info] de.l3s.boilerpipe:boilerpipe:1.1.0
[info] +-org.apache.tika:tika-parsers:1.20