[jira] [Resolved] (TIKA-2952) Vulnerable "metadata-extractor 2.11.0" is present in tika 1.22.

Tim Allison (Jira) Mon, 24 Feb 2020 10:53:01 -0800


     [ 
https://issues.apache.org/jira/browse/TIKA-2952?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tim Allison resolved TIKA-2952.
-------------------------------
    Fix Version/s: 1.24
         Assignee: Tim Allison
       Resolution: Fixed

> Vulnerable "metadata-extractor 2.11.0" is present in tika 1.22.
> ---------------------------------------------------------------
>
>                 Key: TIKA-2952
>                 URL: https://issues.apache.org/jira/browse/TIKA-2952
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Aman Mishra
>            Assignee: Tim Allison
>            Priority: Major
>             Fix For: 1.24
>
>         Attachments: TIKA-2952_draft.patch
>
>
> We can see that metadata-extractor with version 2.11.0 is present in 
> tika-bundle 1.22 jar. We can see that even latest metadata-extractor with 
> version 2.12.0 is also vulnerable.
>  
> So please confirm your side that "Is this vulnerability [CVE-2019-14262] is 
> impacting to tika or not ?"



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (TIKA-2952) Vulnerable "metadata-extractor 2.11.0" is present in tika 1.22.

Reply via email to