You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "WCM RnD (Jira)" <ji...@apache.org> on 2021/07/11 17:16:00 UTC
[jira] [Updated] (SOLR-15530) High security vulnerability in
jackson-databind bundled within Solr 8.9
[ https://issues.apache.org/jira/browse/SOLR-15530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
WCM RnD updated SOLR-15530:
---------------------------
Description:
High security vulnerability has been reported in jackson_databind bundled within SOLR 8.9:
|CVE-2018-7489|9.8|critical|fixed in 2.9.5, 2.8.11.1, 2.7.9.3| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
|CVE-2020-35490|8.1|high|*fixed in 2.9.10.8*| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
|CVE-2020-35491|8.1|high|*fixed in 2.9.10.8*| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
was:
High security vulnerability has been reported in the JDOM library bundled within SOLR 8.9:
CVE-2021-33813
*Affected Component(s):* JDOM
*Vulnerability Published:* 2021-06-16 08:15 EDT
*Vulnerability Updated:* 2021-06-21 18:21 EDT
*CVSS Score:* {color:#FF0000}7.5{color} (overall), {color:#FF0000}7.5{color} (base)
*Summary*: An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
> High security vulnerability in jackson-databind bundled within Solr 8.9
> -----------------------------------------------------------------------
>
> Key: SOLR-15530
> URL: https://issues.apache.org/jira/browse/SOLR-15530
> Project: Solr
> Issue Type: Bug
> Affects Versions: 8.9
> Reporter: WCM RnD
> Priority: Critical
>
> High security vulnerability has been reported in jackson_databind bundled within SOLR 8.9:
>
> |CVE-2018-7489|9.8|critical|fixed in 2.9.5, 2.8.11.1, 2.7.9.3| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
> |CVE-2020-35490|8.1|high|*fixed in 2.9.10.8*| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
> |CVE-2020-35491|8.1|high|*fixed in 2.9.10.8*| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org