Our container scan found a potential security vulnerability in Solr 9.0.0 and 9.1.0 for woodstox-core.
I checked the security page, the official list of non-exploitable vulnerabilities and the user mailing list. For 9.1.0, the package version seems to be 6.2.8 /solr/server/solr-webapp/webapp/WEB-INF/lib/woodstox-core-6.2.8.jar This vulnerability is addressed in 6.4.0. Does anyone know if this vulnerability is exploitable in Solr? If so, under what circumstances? Thanks, Bill
