Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:34
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-04-06 21:59
Updated : 2024-02-28 15:44
NVD link : CVE-2016-6809
Mitre link : CVE-2016-6809
CVE.ORG link : CVE-2016-6809
JSON object : View
Products Affected
apache
- tika
- nutch
CWE
CWE-502
Deserialization of Untrusted Data