Any23
CVE-2023-34150
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionNVD
UNSUPPORTED WHEN ASSIGNED Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.
AnalysisAI
UNSUPPORTED WHEN ASSIGNED Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. UNSUPPORTED WHEN ASSIGNED Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage. Affected products include: Apache Any23.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect A
An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is kn
An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to a
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today