Hi, Our vulnerability scanning tool found a vulnerability from Hadoop in Solr 8.11.2. More specifically, it is introduced through org.apache.solr:solr-core@8.11.2 › org.apache.hadoop:hadoop-common@3.2.2. The published vulnerability is listed as CVE-2022-25168: https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130
This vulnerability is not listed on Solr Security News, but also not under the false positives on the SolrSecurity Confluence page. We were wondering if this is a real vulnerability for Solr and if in particular Solr 8.11.2 is affected by this vulnerability? Thanks in advance. Kind regards, Richard
