CGA-pqmq-rmg6-cmrc

Published

Last updated

https://images.chainguard.dev/security/CGA-pqmq-rmg6-cmrc

Package

apache-tika-3.0

Latest Update

Fixed

Fixed Version

3.0.0-r9

Aliases

CVE-2025-23184
GHSA-fh5r-crhr-qrrq

Severity

7.5

High

CVSS V3

Summary

Apache CXF: Denial of Service vulnerability with temporary files

Description

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23184
https://github.com/advisories/GHSA-fh5r-crhr-qrrq
https://github.com/apache/cxf/pull/2048
https://github.com/apache/cxf/pull/2111
https://github.com/apache/cxf
https://issues.apache.org/jira/browse/CXF-7396
https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122
https://security.netapp.com/advisory/ntap-20250214-0003
http://www.openwall.com/lists/oss-security/2025/01/20/3

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-pqmq-rmg6-cmrc

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources