[jira] [Created] (TIKA-3558) vulnerability detected in vorbis-tika-java

brent jackson (Jira) Tue, 21 Sep 2021 07:45:04 -0700

brent jackson created TIKA-3558:
-----------------------------------

             Summary: vulnerability detected in vorbis-tika-java
                 Key: TIKA-3558
                 URL: https://issues.apache.org/jira/browse/TIKA-3558
             Project: Tika
          Issue Type: Bug
    Affects Versions: 1.27
            Reporter: brent jackson



we recently had a user report that a security scan on tika-app-1.25 discovered 
a vulernability in vorbis-tika-java. specifically:

 

[https://nvd.nist.gov/vuln/detail/CVE-2017-6888]

(detected on 
tika-app-1.25.jar/META-INF/maven/org.gagravarr/vorbis-java-tika/pom.xml)

 

i checked 1.27 and the org.gagravarr classes have not been updated (they all 
date from 2016).  has this vulnerability been addressed? or is it a false 
positive? thanks.

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (TIKA-3558) vulnerability detected in vorbis-tika-java

Reply via email to