Aman Mishra created TIKA-2953:
---------------------------------
Summary: Vulnerable "commons-compress : 1.18" is present in
tika-bundle 1.22.
Key: TIKA-2953
URL: https://issues.apache.org/jira/browse/TIKA-2953
Project: Tika
Issue Type: Bug
Reporter: Aman Mishra
We can see that commons-compress with version 1.18 is present in tika-bundle
1.22 jar. We can see that latest commons-compress with version 1.19 is not
vulnerable.
So please confirm your side that "Is this vulnerability CVE-2019-12402 is
impacting to tika or not ?"
And can we upgrade this library (commons-compress : 1.18) to latest version
1.19 locally after downloading the source code of tika ? Is there any challenge
for this?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
