[
https://issues.apache.org/jira/browse/SOLR-17303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17848869#comment-17848869
]
Sujeet Hinge commented on SOLR-17303:
-------------------------------------
org.apache.solr:solr-core=9.6.0
-> org.apache.zookeeper:zookeeper=3.9.1
-> org.xerial.snappy:snappy-java=1.1.10.1
-> org.apache.hadoop:hadoop-common=2.10.2
-> org.apache.avro:avro=1.7.7
> CVE-2023-39410: Upgrade to apache-avro version 1.11.3
> -----------------------------------------------------
>
> Key: SOLR-17303
> URL: https://issues.apache.org/jira/browse/SOLR-17303
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: security
> Affects Versions: 9.6
> Reporter: Sujeet Hinge
> Priority: Major
>
> CVE-2023-39410: Upgrade Apache-Avro version to 1.11.3
> When deserializing untrusted or corrupted data, it is possible for a reader
> to consume memory beyond the allowed constraints and thus lead to out of
> memory on the system. This issue affects Java applications using Apache Avro
> Java SDK up to and including 1.11.2.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
