
CVE-2018-11762: Moderate severity vulnerability that affects org.apache.tika:tika-core

CVSS Score: 5.9 (CVSS 3.0)

Basic Information

EPSS Score: 0.80476%
Published: 10/17/2018
Updated: 1/9/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Package Name: org.apache.tika:tika-core
Ecosystem: maven
Vulnerable Versions: >= 0.9, < 1.19
First Patched Version: 1.19

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The provided patches focus on Tesseract/ImageMagick configuration path handling (adding trailing slashes and directory checks). While these changes improve path normalization, they relate to OCR processing internals rather than the core vulnerability described in CVE-2018-11762. The actual vulnerability exists in file extraction logic when handling embedded files with absolute paths without --extract-dir, which is not present in the provided commit diffs. No functions directly processing embedded file paths or extraction directory validation are visible in these patches.
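
A defensive check for the condition described above, as an added example (not Apache Tika's code and not taken from the patch): it resolves an embedded file's name against an extraction directory and rejects names that are absolute or that climb out of that directory. The class name `SafeEmbeddedPath` and method `resolve` are hypothetical, and the sample names are constructed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.regex.Pattern;

// Hypothetical helper (not part of Apache Tika): decides where an embedded
// file may be written when a container document is unpacked.
public class SafeEmbeddedPath {

    // Drive-letter names are checked explicitly because Path.isAbsolute()
    // on Linux/macOS does not treat "C:/x" as absolute.
    private static final Pattern DRIVE_PREFIX = Pattern.compile("^[A-Za-z]:");

    static Path resolve(Path extractDir, String embeddedName) throws IOException {
        if (embeddedName == null || embeddedName.isEmpty()
                || embeddedName.indexOf('\0') >= 0) {
            throw new IOException("invalid embedded file name");
        }
        // Treat both separators alike so Windows-style names are caught on any OS.
        String name = embeddedName.replace('\\', '/');
        if (name.startsWith("/") || DRIVE_PREFIX.matcher(name).find()) {
            throw new IOException("absolute embedded path rejected: " + embeddedName);
        }
        try {
            Path base = extractDir.toAbsolutePath().normalize();
            Path target = base.resolve(name).normalize();
            // Catches "../" sequences that leave the extraction directory.
            if (!target.startsWith(base) || target.equals(base)) {
                throw new IOException("path escapes extract dir: " + embeddedName);
            }
            return target;
        } catch (InvalidPathException e) {
            throw new IOException("unusable embedded file name: " + embeddedName, e);
        }
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("extract");
        // Constructed sample names, not taken from a real document.
        String[] names = {"images/logo.png", "C:/example.bat", "/etc/example.conf",
                          "..\\..\\example.txt", "\\\\host\\share\\example.dll"};
        for (String n : names) {
            try {
                System.out.println("OK    " + n + " -> " + resolve(dir, n));
            } catch (IOException e) {
                System.out.println("BLOCK " + e.getMessage());
            }
        }
    }
}
```

The check is lexical: it does not resolve symlinks that already exist under the extraction directory, so the directory itself should be one the extracting process controls.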


WAF Protection Rules

WAF Rule

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that
