6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-34150

GHSA ID

GHSA-2gpr-j5vj-wvh2

EPSS Score

0.21222%

CWE

CWE-20

Published

7/5/2023

Updated

11/7/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-34150

CVE-2023-34150: Apache Any23 vulnerable to excessive memory usage

Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-34150

CVE-2023-34150:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-34150

GHSA ID

GHSA-2gpr-j5vj-wvh2

EPSS Score

0.21222%

CWE

CWE-20

Published

7/5/2023

Updated

11/7/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.any23:apache-any23	maven	<= 2.7

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems directly from the use of TikaEncodingDetector for encoding detection, as stated in the advisory. The CWE-400 (Uncontrolled Resource Consumption) indicates a lack of safeguards against resource exhaustion. Since TikaEncodingDetector is designed to analyze byte streams for charset detection, its detect() method would be the logical entry point where input validation should occur. The absence of input size checks before processing would allow maliciously large inputs to trigger excessive memory allocation, aligning with the described vulnerability mechanism. Though no patch details are available, the component and attack pattern are explicitly identified in the advisory.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-34150: Apache Any23 vulnerable to excessive memory usage

CVE-2023-34150:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2023-34150: Apache Any23 vulnerable to excessive memory usage

Basic Information

Basic Information

Technical Details

6.5

6.5

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI