[jira] [Commented] (TIKA-2952) Vulnerable "metadata-extractor 2.11.0" is present in tika 1.22.

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jira] [Commented] (TIKA-2952) Vulnerable "metadata-extractor 2.11.0" is present in tika 1.22.

Markus Jelsma (Jira)

    [ https://issues.apache.org/jira/browse/TIKA-2952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16995732#comment-16995732 ]

Tim Allison commented on TIKA-2952:

The path ahead isn't clear, and a newer version of metadata extractor has not yet been released: https://github.com/drewnoakes/metadata-extractor/issues/442

> Vulnerable "metadata-extractor 2.11.0" is present in tika 1.22.
> ---------------------------------------------------------------
>                 Key: TIKA-2952
>                 URL: https://issues.apache.org/jira/browse/TIKA-2952
>             Project: Tika
>          Issue Type: Bug
>            Reporter: Aman Mishra
>            Priority: Major
> We can see that metadata-extractor with version 2.11.0 is present in tika-bundle 1.22 jar. We can see that even latest metadata-extractor with version 2.12.0 is also vulnerable.
> So please confirm your side that "Is this vulnerability [CVE-2019-14262] is impacting to tika or not ?"

This message was sent by Atlassian Jira