[
https://issues.apache.org/jira/browse/TIKA-2885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tim Allison resolved TIKA-2885.
-------------------------------
Resolution: Fixed
Fix Version/s: 1.22
> Vulnerabilities in tika
> -----------------------
>
> Key: TIKA-2885
> URL: https://issues.apache.org/jira/browse/TIKA-2885
> Project: Tika
> Issue Type: Bug
> Components: parser
> Affects Versions: 1.21
> Reporter: Kevin Ng
> Priority: Blocker
> Fix For: 1.22
>
>
> Whilst trying to build tika parsers, I hit the following vulnerabilities
> reported:
>
>
> [ERROR] Failed to execute goal
> org.sonatype.ossindex.maven:ossindex-maven-plugin:3.0.4:audit
> (audit-dependencies) on project tika-parsers: Detected 2 vulnerable
> components:
> [ERROR] com.fasterxml.jackson.core:jackson-databind:jar:2.9.8:compile;
> https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]
> [ERROR] * [CVE-2019-12086] Information Exposure (7.5);
> https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029
> [ERROR] c3p0:c3p0:jar:0.9.1.1:compile;
> https://ossindex.sonatype.org/component/pkg:maven/c3p0/[email protected]
> [ERROR] * [CVE-2019-5427] Resource Management Errors (7.5);
> https://ossindex.sonatype.org/vuln/d25f4c21-9e76-4fc2-9d73-3770aa3aec56
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
