You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Kira Traynor (Jira)" <ji...@apache.org> on 2022/12/02 19:14:00 UTC

[jira] [Created] (SOLR-16572) Update FasterXML Woodstox Dependency for CVE-2022-40153

Kira Traynor created SOLR-16572:
-----------------------------------

             Summary: Update FasterXML Woodstox Dependency for CVE-2022-40153
                 Key: SOLR-16572
                 URL: https://issues.apache.org/jira/browse/SOLR-16572
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
    Affects Versions: 8.11.2, 9.0, main (10.0)
            Reporter: Kira Traynor


There are CVEs associated with the com.fasterxml.woodstox:woodstox-core dependency. The current version of this dependency in Solr is 6.2.8 and the vulnerabilities are fixed in 6.4.0. 

All the CVEs related to woodstox-core version 6.2.8:

[CVE-2022-40156|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40156]
[CVE-2022-40155|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40155]
[CVE-2022-40154|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40154]
[CVE-2022-40153|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40153]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org