[ https://issues.apache.org/jira/browse/SOLR-15530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
WCM RnD updated SOLR-15530:
---------------------------
    Description:
High security vulnerability has been reported in jackson_databind bundled within SOLR 8.9:

|CVE-2018-7489|9.8|critical|fixed in 2.9.5, 2.8.11.1, 2.7.9.3| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
|CVE-2020-35490|8.1|high|*fixed in 2.9.10.8*| |com.fasterxml.jackson.core_jackson-databind_2.4.0|
|CVE-2020-35491|8.1|high|*fixed in 2.9.10.8*| |com.fasterxml.jackson.core_jackson-databind_2.4.0|

  was:
High security vulnerability has been reported in the JDOM library bundled within SOLR 8.9:

CVE-2021-33813

*Affected Component(s):* JDOM
*Vulnerability Published:* 2021-06-16 08:15 EDT
*Vulnerability Updated:* 2021-06-21 18:21 EDT
*CVSS Score:* {color:#FF0000}7.5{color} (overall), {color:#FF0000}7.5{color} (base)
*Summary*: An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

> High security vulnerability in jackson-databind bundled within Solr 8.9
> -----------------------------------------------------------------------
>
>                 Key: SOLR-15530
>                 URL: https://issues.apache.org/jira/browse/SOLR-15530
>             Project: Solr
>          Issue Type: Bug
>   Affects Versions: 8.9
>            Reporter: WCM RnD
>            Priority: Critical
>
> High security vulnerability has been reported in jackson_databind bundled
> within SOLR 8.9:
>
> |CVE-2018-7489|9.8|critical|fixed in 2.9.5, 2.8.11.1, 2.7.9.3|
> |com.fasterxml.jackson.core_jackson-databind_2.4.0|
> |CVE-2020-35490|8.1|high|*fixed in 2.9.10.8*|
> |com.fasterxml.jackson.core_jackson-databind_2.4.0|
> |CVE-2020-35491|8.1|high|*fixed in 2.9.10.8*|
> |com.fasterxml.jackson.core_jackson-databind_2.4.0|

--
This message was sent by Atlassian Jira
(v8.3.4#803005)