First published: Thu Apr 06 2017(Updated: )
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Nutch | =2.3.1 | |
Apache Tika | <=1.13 | |
maven/org.apache.tika:tika-core | <1.14 | 1.14 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-6809 has been assessed as a critical vulnerability due to its potential for remote code execution.
To fix CVE-2016-6809, upgrade to Apache Tika version 1.14 or later.
CVE-2016-6809 affects all versions of Apache Tika prior to version 1.14.
Yes, CVE-2016-6809 can allow an attacker to execute arbitrary Java code remotely, leading to unauthorized access.
Apache Nutch version 2.3.1 and earlier versions of Apache Tika are vulnerable to CVE-2016-6809.