Hi, It would be helpful if you instead of copy/pasting 10 CVE numbers, could break it up and list one by one with its title and summary, and why you have reason to worry that it is a problem for Solr.
Then our team can consider each one you believe to be problematic, and decide whether we are vulnerable or not, and perhaps update the list at https://solr.apache.org/security.html#cve-reports-for-apache-solr-dependencies with the findings. We also accept Pull Requests for that page at https://github.com/apache/solr-site Jan > 22. aug. 2023 kl. 13:03 skrev Tim Pfeifer (ext) > <tim.pfeifer....@devk.de.INVALID>: > > Dear Apache Solr Community, > > We are currently in the process of migrating to AWS Cloud, and as part of > this transition, we scanned our existing Apache Solr 8.11.2 with AquaSec. > Several critical security vulnerabilities have emerged from this scan. > > While many of the identified CVEs are already listed on > https://solr.apache.org/security.html and labeled as "not affected", there > are some for which we couldn't find any information. We would like to know if > Apache Solr is affected by the following CVEs: > > * CVE-2018-11307 > * CVE-2018-14718 > * CVE-2019-14892 > * CVE-2019-16943 > * CVE-2019-17267 > * CVE-2019-17531 > * CVE-2019-20330 > * CVE-2020-8840 > * CVE-2020-9547 > * CVE-2020-9548 > > This information is crucial for us to ensure that our deployment is secure > and approved by our security department. Any information or advice you can > provide regarding the aforementioned CVEs would be greatly appreciated. > > In conclusion, I thank you in advance for your time and support. Please let > me know if you need any additional information or if I should clarify my > request further. I will patiently await your response and am open to any > feedback or suggestions. > > Warm regards, > Tim
