CVE-2023-36478: SOLR-Eclipse Jetty Overflow

2024-02-13 Thread Shahryar Shagoshtasbi
CVE-2023-36478: Description: Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit.

CVE-2021-31684: SOLR- net.minidev_json-smart (Out of Bounds Read)

2024-02-13 Thread Shahryar Shagoshtasbi
CVE-2021-31684: Description: A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. Severity: High. The issue has been fixed in versions 2.4.4, 1.3.3. Credit: Shahry

RE: Re: CVE-2021-31684: SOLR- net.minidev_json-smart (Out of Bounds Read)

2024-02-13 Thread Shahryar Shagoshtasbi
Hi there, Thank you for your prompt response. Our scans have detected these CVEs in 9.1 and higher (at least the one we have tested). I’d highly appreciate it if you could link me to the appropriate changelog for these changes. Thanks. On 2024/02/13 16:55:24 Jan Høydahl wrote: > Hi Shahryar, >

RE: Re: CVE-2021-31684: SOLR- net.minidev_json-smart (Out of Bounds Read)

2024-02-14 Thread Shahryar Shagoshtasbi
"path": "/opt/solr-9.5.0/modules/hdfs/lib/hadoop-client-runtime-3.3.6.jar" }, This seems to be the root cause of both the CVE-2021-31684 and CVE-2023-36478. Thanks, Sean On 2024/02/14 06:37:35 Shawn Heisey wrote: > On 2/13/2024 10:06, Shahryar Shagoshtasbi wrote: > > Tha