tika-dev mailing list archives

From "Alex LI (JIRA)" <j...@apache.org>
Subject [jira] [Created] (TIKA-2829) Security Vulnerability in boilerpipe (CVE-2018-16481)
Date Mon, 18 Feb 2019 06:18:00 GMT
Alex LI created TIKA-2829:
-----------------------------

             Summary: Security Vulnerability in boilerpipe (CVE-2018-16481)
                 Key: TIKA-2829
                 URL: https://issues.apache.org/jira/browse/TIKA-2829
             Project: Tika
          Issue Type: Bug
          Components: parser
    Affects Versions: 1.20
            Reporter: Alex LI


org.apache.tika:tika-parsers:1.20 depends on boilerpipe, which the dependency reflections
uses.

[https://nvd.nist.gov/vuln/detail/CVE-2018-16481]
h3. Current Description

A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code
to be executed in the user's browser due to the absence of sanitization of the paths before
rendering.

==========================

[info] de.l3s.boilerpipe:boilerpipe:1.1.0
[info]   +-org.apache.tika:tika-parsers:1.20



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
