CVE-2016-6809

Name of the Vulnerable Software and Affected Versions Apache Tika versions prior to 1.14

Description The issue allows Java code execution for serialized objects embedded in MATLAB files. This occurs because Tika invokes JMatIO to do native deserialization.

Recommendations For versions prior to 1.14, update to version 1.14 or later to resolve the issue. As a temporary workaround, consider disabling the deserialization of MATLAB files until a patch is available. Restrict access to the JMatIO module to minimize the risk of exploitation.