PT-2017-8486 · Apache · Apache Tika

Arthur Khashaev

Published 2017-09-29 · Updated 2018-10-17

CVE-2016-4434

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Tika versions prior to 1.13

Description: The issue stems from improper initialization of the XML parser, or from the choice of handlers used with it, which might allow remote attackers to conduct XML External Entity (XXE) attacks. This can occur through vectors involving spreadsheets in OOXML files and XMP metadata in PDF and other file formats.

Recommendations: For Apache Tika versions prior to 1.13, update to version 1.13 or later to resolve the issue. As a temporary workaround, consider disabling the XML parser initialization or restricting the handling of XML files to minimize the risk of exploitation.
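The description above comes down to how the underlying JAXP SAX parser is initialized. The following is an added example (not code from the advisory or from the Apache Tika project) that puts a default-initialized parser factory next to a hardened one and checks each with a recording EntityResolver, so a defender can verify that external entities are never resolved; it assumes only standard JAXP/SAX APIs, and the probe document and its placeholder SYSTEM identifier are constructed for the check.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

public class XxeParserCheck {

    // Weak: factory left at JAXP defaults, which may accept a DOCTYPE and
    // resolve external general entities declared in it.
    static SAXParserFactory defaultFactory() {
        return SAXParserFactory.newInstance();
    }

    // Hardened: refuse DOCTYPE declarations outright and, as defence in depth,
    // switch off external entity expansion and XInclude.
    static SAXParserFactory hardenedFactory() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        return f;
    }

    // Returns true if the parser asks to resolve the external entity, i.e. the
    // configuration is XXE-prone. The resolver hands back an empty document, so
    // the placeholder target is never actually read.
    static boolean resolvesExternalEntities(SAXParserFactory f) {
        String probe = "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE d [<!ENTITY ext SYSTEM \"file:///PLACEHOLDER-does-not-exist\">]>"
            + "<d>&ext;</d>";                       // constructed probe document
        final boolean[] asked = {false};
        DefaultHandler recorder = new DefaultHandler() {
            @Override public InputSource resolveEntity(String publicId, String systemId) {
                asked[0] = true;
                return new InputSource(new StringReader(""));
            }
        };
        try {
            f.newSAXParser().parse(new InputSource(new StringReader(probe)), recorder);
        } catch (Exception e) {
            // A hardened factory rejects the DOCTYPE before any entity is touched.
        }
        return asked[0];
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default  factory resolves external entities: " + resolvesExternalEntities(defaultFactory()));
        System.out.println("hardened factory resolves external entities: " + resolvesExternalEntities(hardenedFactory()));
    }
}
```

Run the check against whichever factory your own code hands to the library: the hardened configuration should report false.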

Fix

XXE


Weakness Enumeration

Related identifiers

CVE-2016-4434
GHSA-4XR4-4C65-HJ7F

Affected products

Apache Tika