Vulnerability Database

309,102

Total vulnerabilities in the database

CVE-2024-21651

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.

Published: Jan 9, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-21651
GHSA: GHSA-8959-rfxh-r4j4
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
org.xwiki.platform / xwiki-platform-distribution-war	14.10	14.10.18
org.xwiki.platform / xwiki-platform-distribution-war	15.0-rc-1	15.5.3
org.xwiki.platform / xwiki-platform-distribution-war	15.6-rc-1	15.8-rc-1
xwiki / xwiki	15.6	15.8
xwiki / xwiki	14.10	14.10.18
xwiki / xwiki	15.5	15.5.3

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo