CVE-2016-6809: Deserialization of Untrusted Data

April 6, 2017 (updated October 15, 2019)

Apache Tika allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.

References

seclists.org/bugtraq/2016/Nov/40
www.securityfocus.com/bid/94247
dist.apache.org/repos/dist/release/tika/CHANGES-1.14.txt
nvd.nist.gov/vuln/detail/CVE-2016-6809

Code Behaviors & Features

Detect and mitigate CVE-2016-6809 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →