You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "WCM RnD (Jira)" <ji...@apache.org> on 2021/07/11 17:16:00 UTC

[jira] [Updated] (SOLR-15530) High security vulnerability in jackson-databind bundled within Solr 8.9

     [ https://issues.apache.org/jira/browse/SOLR-15530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

WCM RnD updated SOLR-15530:
---------------------------
    Description: 
High security vulnerability has been reported in  jackson_databind bundled within SOLR 8.9:

 
|CVE-2018-7489|9.8|critical|fixed in 2.9.5, 2.8.11.1, 2.7.9.3| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
|CVE-2020-35490|8.1|high|*fixed in 2.9.10.8*| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
|CVE-2020-35491|8.1|high|*fixed in 2.9.10.8*| |com.fasterxml.jackson.core_jackson-databind_2.4.0|

 

 

 

  was:
High security vulnerability has been reported in the JDOM library bundled within SOLR 8.9:

 CVE-2021-33813

*Affected Component(s):* JDOM
*Vulnerability Published:* 2021-06-16 08:15 EDT
*Vulnerability Updated:* 2021-06-21 18:21 EDT
*CVSS Score:* {color:#FF0000}7.5{color} (overall), {color:#FF0000}7.5{color} (base)

*Summary*: An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

 

 

 


> High security vulnerability in jackson-databind bundled within Solr 8.9
> -----------------------------------------------------------------------
>
>                 Key: SOLR-15530
>                 URL: https://issues.apache.org/jira/browse/SOLR-15530
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 8.9
>            Reporter: WCM RnD
>            Priority: Critical
>
> High security vulnerability has been reported in  jackson_databind bundled within SOLR 8.9:
>  
> |CVE-2018-7489|9.8|critical|fixed in 2.9.5, 2.8.11.1, 2.7.9.3| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
> |CVE-2020-35490|8.1|high|*fixed in 2.9.10.8*| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
> |CVE-2020-35491|8.1|high|*fixed in 2.9.10.8*| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org