[jira] [Created] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2

Nazerke Seidan (Jira) Mon, 19 Apr 2021 09:05:16 -0700

Nazerke Seidan created SOLR-15355:
-------------------------------------

             Summary: CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2
                 Key: SOLR-15355
                 URL: https://issues.apache.org/jira/browse/SOLR-15355
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
          Components: hdfs, security
    Affects Versions: 8.6.2, 8.6
            Reporter: Nazerke Seidan



CVE-2020-9492 vuln. issue is found in 
*maven:org.apache.hadoop:hadoop-hdfs-client* (version-*3.2.0*) It seems with 
the version 3.2.0 hdfs client might send authorization header to remote url 
without verification. 
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9492)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

[jira] [Created] (SOLR-15355) CVE-2020-9492: Upgrade hadoop-hdfs-client to 3.2.2

Reply via email to