Sujeet-A created SOLR-17303:
-------------------------------
Summary: CVE-2023-39410: Upgrade to apache-avro version 1.11.3
Key: SOLR-17303
URL: https://issues.apache.org/jira/browse/SOLR-17303
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Components: security
Affects Versions: 9.6
Reporter: Sujeet-A
CVE-2023-39410: Upgrade Apache-Avro version to 1.11.3
When deserializing untrusted or corrupted data, it is possible for a reader to
consume memory beyond the allowed constraints and thus lead to out of memory on
the system. This issue affects Java applications using Apache Avro Java SDK up
to and including 1.11.2.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
