You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Cassandra Targett (Jira)" <ji...@apache.org> on 2021/08/13 16:18:00 UTC
[jira] [Resolved] (SOLR-15530) High security vulnerability in
jackson-databind bundled within Solr 8.9
[ https://issues.apache.org/jira/browse/SOLR-15530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Cassandra Targett resolved SOLR-15530.
--------------------------------------
Resolution: Not A Problem
The CVEs listed here are included on the list of jackson-databind CVEs which are not exploitable by Solr: https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools
> High security vulnerability in jackson-databind bundled within Solr 8.9
> -----------------------------------------------------------------------
>
> Key: SOLR-15530
> URL: https://issues.apache.org/jira/browse/SOLR-15530
> Project: Solr
> Issue Type: Bug
> Affects Versions: 8.9
> Reporter: WCM RnD
> Priority: Critical
>
> High security vulnerability has been reported in jackson_databind bundled within SOLR 8.9, few with CVSS score of 9.8:
>
> |CVE-2018-7489|9.8|critical|fixed in 2.9.5, 2.8.11.1, 2.7.9.3| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
> |CVE-2020-35490|8.1|high|*fixed in 2.9.10.8*| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
> |CVE-2020-35491|8.1|high|*fixed in 2.9.10.8*| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org