Tika 2.6.0 contains com.fasterxml.woodstox:woodstox-core version 6.2.8 in 
tika-server-standard-2.6.0.jar which has a DoS vulnerability with a CVSS 3.0 
score of 7.5 (HIGH). 

I've gone through the user and dev mailing lists and JIRA and I haven't found 
any previous reports so I wanted to bring this to your attention. I don't have 
an account in JIRA so I believe this is the only way I am able to report it.

More information about the vulnerability CVE-2022-40152:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152
https://nvd.nist.gov/vuln/detail/CVE-2022-40152
https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
