Hello,
We are detecting two vulnerabilities in the tika-server-standard-2.7.0.jar file:

OutOfMemoryError for large multipart without filename in Eclipse Jetty
GitHub advisory: https://github.com/advisories/GHSA-qw69-rqj8-6qw8
CVE-2023-26048 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
Package Information
Name: org.eclipse.jetty:jetty-server
Package Type: Java
Path: tika-server-standard-2.7.0.jar
Installed Version: 9.4.50.v20221201
Fixed Version: 9.4.51

Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
GitHub advisory: https://github.com/advisories/GHSA-p26g-97m4-6q7c
CVE-2023-26049 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
Package Information
Name: org.eclipse.jetty:jetty-server
Package Type: Java
Path: tika-server-standard-2.7.0.jar
Installed Version: 9.4.50.v20221201
Fixed Version: 9.4.51

Thank you,
Jason