https://nvd.nist.gov/vuln/detail/CVE-2022-40153
Our container scan found a potential security vulnerability in Solr 9.0.0 and 9.1.0 for woodstox-core. I checked the security page, the official list of non-exploitable vulnerabilities and the user mailing list. I also checked Jira. There are a number of tickets concerning woodstox, but they seem to be prior issues.

For 9.1.0, the package version seems to be 6.2.8:

/solr/server/solr-webapp/webapp/WEB-INF/lib/woodstox-core-6.2.8.jar

This vulnerability is addressed in 6.4.0. Does anyone know if this vulnerability is exploitable in Solr? If so, under what circumstances?

Thanks,
Bill