CVE-2018-11761: Apache Tika Denial of Service via XML Entity Expansion Vulnerability
Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apache Tika 0.1 to 1.18 Description: Apache Tika's XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack. Mitigation: Apache Tika users should upgrade to 1.19 or later Credit: This issue was discovered by Renfei (Brian) Wang of Amazon.