[
https://issues.apache.org/jira/browse/SOLR-17239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17838652#comment-17838652
]
Ishan Chattopadhyaya commented on SOLR-17239:
---------------------------------------------
Solr is not known to be vulnerable because of these libraries. If you think
otherwise, please free to let us know exactly how and why.
> Vulnerabilities in libs present in example directory
> ----------------------------------------------------
>
> Key: SOLR-17239
> URL: https://issues.apache.org/jira/browse/SOLR-17239
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Components: SolrCloud
> Affects Versions: 8.11.3
> Reporter: Parag Ninawe
> Priority: Major
>
> Vulnerable packages in example folder
> |CVE-2015-1832|derby-10.9.1.0.jar (10.9.1.0):
> org.apache.derby:derby|['.../solr-8.11.3/example/example-DIH/solr/db/lib/derby-10.9.1.0.jar']|
> |CVE-2022-41853|hsqldb-2.5.2.jar (2.5.2):
> org.hsqldb:hsqldb|['.../solr-8.11.3/example/example-DIH/solr/db/lib/hsqldb-2.5.2.jar']|
> |CVE-2022-46337|derby-10.9.1.0.jar (10.9.1.0):
> org.apache.derby:derby|['.../solr-8.11.3/example/example-DIH/solr/db/lib/derby-10.9.1.0.jar']|
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
