[jira] [Commented] (SOLR-17906) CVE-2025-5115: vulnerability in the http2-common dependency

Alexander Veit (Jira) Sun, 14 Sep 2025 05:26:38 -0700


    [ 
https://issues.apache.org/jira/browse/SOLR-17906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18020146#comment-18020146
 ]


Alexander Veit commented on SOLR-17906:
---------------------------------------

This issue has been fixed in the Solr branch_9x.

https://github.com/apache/solr/commit/2d6dcf65fe57e6080b0bc5a925716ca256e0bf44

> CVE-2025-5115: vulnerability in the http2-common dependency
> -----------------------------------------------------------
>
>                 Key: SOLR-17906
>                 URL: https://issues.apache.org/jira/browse/SOLR-17906
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 9.9.0
>            Reporter: Alexander Veit
>            Priority: Major
>              Labels: security
>
> {{org.eclipse.jetty.http2:http2-common:11.0.22}} which is included in Solr 
> 9.9.0 comes with CVE-2025-5115 (Score 7.7).
> [https://nvd.nist.gov/vuln/detail/CVE-2025-5115]
> Possible solution: {{http2-common:11.0.26}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (SOLR-17906) CVE-2025-5115: vulnerability in the http2-common dependency

Reply via email to