CVE-2019-10093: Uncontrolled Resource Consumption

August 2, 2019 (updated August 12, 2019)

In Apache Tika, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs.

References

lists.apache.org/thread.html/a5a44eff1b9eda3bc69d22943a1030c43d376380c75d3ab04d0c1a21@%3Cdev.tika.apache.org%3E
lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d@%3Cdev.tika.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2019-10093

Code Behaviors & Features

Detect and mitigate CVE-2019-10093 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →