Renfei Wang

Researcher at Amazon
#31945 of 53,635
7.8 total CVSS
Vulnerabilities · 1
PT-2018-2772
7.8
2018-09-19
Apache · Apache Tika · CVE-2018-11761
**Name of the Vulnerable Software and Affected Versions**

Apache Tika versions 0.1 through 1.18

**Description**

The XML parsers in Apache Tika are not configured to limit entity expansion, which leaves them vulnerable to entity expansion and can lead to a denial of service attack. The vulnerability is also associated with incorrect restriction of XML links to external objects, which a remote attacker can exploit to cause a denial of service.

**Recommendations**

For Apache Tika versions 0.1 through 1.18, consider configuring the XML parsers to limit entity expansion as a temporary workaround to mitigate the risk of a denial of service attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.