You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by GitBox <gi...@apache.org> on 2022/11/02 19:40:57 UTC

[GitHub] [solr-operator] jkgonzio opened a new issue, #487: CVE Security Vulnerabilities

jkgonzio opened a new issue, #487:
URL: https://github.com/apache/solr-operator/issues/487

   I ran a flexline scan and ran into some security vulnerabilities that should be remediated:
   
   Vulnerability ID: CVE-2021-33194
   Finding Level: High
   Package: golang.org/x/net/html
   Version: v0.0.0-20210520170846-37e1c6afe023
   Fixed Version: 0.0.0-20210520170846-37e1c6afe023
   Desc: golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
   Link: https://avd.aquasec.com/nvd/2021/cve-2021-33194/ 
   
   Vulnerability ID: CVE-2022-27664
   Finding Level: High
   Package: golang.org/net/http
   Version: v0.0.0-20210428140749-89ef3d95e781
   Fixed version: 0.0.0-20220906165146-f3363e06e74c
   Desc: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
   Link: https://avd.aquasec.com/nvd/2022/cve-2022-27664/
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr-operator] HoustonPutman closed issue #487: CVE Security Vulnerabilities

Posted by GitBox <gi...@apache.org>.

HoustonPutman closed issue #487: CVE Security Vulnerabilities
URL: https://github.com/apache/solr-operator/issues/487


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org