CVE-2022-33879 in Apache and Canonical Products
Published on June 27, 2022
Incomplete fix and new regex DoS in StandardsExtractingContentHandler
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
Products Associated with CVE-2022-33879
stack.watch emails you whenever new vulnerabilities are published in Apache Tika or Canonical Ubuntu Linux. Just hit a watch button to start following.
Affected Versions
Apache Software Foundation Apache Tika:- Version Apache Tika and below 2.4.1 is affected.
Exploit Probability
EPSS
0.03%
Percentile
8.57%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.