tika-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex LI (JIRA)" <j...@apache.org>
Subject [jira] [Created] (TIKA-2829) Security Vulnerability in boilerpipe (CVE-2018-16481)
Date Mon, 18 Feb 2019 06:18:00 GMT
Alex LI created TIKA-2829:

             Summary: Security Vulnerability in boilerpipe (CVE-2018-16481)
                 Key: TIKA-2829
                 URL: https://issues.apache.org/jira/browse/TIKA-2829
             Project: Tika
          Issue Type: Bug
          Components: parser
    Affects Versions: 1.20
            Reporter: Alex LI

org.apache.tika:tika-parsers:1.20 depending on boilerpipe, which the dependency reflections

h3. Current Description

A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code
to be executed in the user's browser due to the absence of sanitization of the paths before


[info] de.l3s.boilerpipe:boilerpipe:1.1.0
[info]   +-org.apache.tika:tika-parsers:1.20

This message was sent by Atlassian JIRA

View raw message