Bug 1632469 (CVE-2018-11762)
Summary: | CVE-2018-11762 tika: Zip Slip vulnerability in tika-app | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | abergmann, aileenc, alazarot, anstephe, bkearney, cbuissar, chazlett, drieden, etirelli, gvarsami, hhorak, ibek, java-sig-commits, jcoleman, jolee, jorton, jschatte, jstastny, kconner, krathod, kverlaen, ldimaggi, lef, meissner, nwallace, paradhya, puntogil, rrajasek, rsynek, rwagner, rzhang, sdaley, tcunning, tkirby, tlestach, vhalbert |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | tika 1.19 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-12-10 01:24:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1632470 | ||
Bug Blocks: | 1632464 |
Description
Laura Pardo
2018-09-24 20:52:52 UTC
Created tika tracking bugs for this issue: Affects: fedora-all [bug 1632470] Upstream bug: https://issues.apache.org/jira/browse/TIKA-2687 Upstream commits: https://github.com/apache/tika/commit/a09d853dbed712f644e274b497cce254f3189d57 https://github.com/apache/tika/commit/5c78eb78893fa077a4e58be4484eab4717667d52 The tika packages as shipped as part of the Eclipse collections do not include tika-app and are therefore unaffected by this issue. Red Hat Satellite 5 does not ship the vulnerable code, and thus is not affected by this flaw. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-11762 |