CVE-2021-28657
Infinite loop in Apache Tika's MP3 parser
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
Affected products
Apache Software Foundation · Apache Tika
References
https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E
https://lists.apache.org/thread.html/r915add4aa52c60d1b5cf085039cfa73a98d7fae9673374dfd7744b5a%40%3Cdev.tika.apache.org%3E
https://security.netapp.com/advisory/ntap-20210507-0004/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html