Full title: Apache Tika 1.13 Code Execution Vulnerability Category: remote exploits Platform: java Apache Tika wraps the jmatio parser to handle MATLAB files. The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized. Versions 1.6 through 1.13 are affected. # 0day.today @ http://0day.today/