Hi community. By any chance, do you have any update regarding this reported CVE-2024-6763?

Best,
Emmanuel Altamirano (E-man-u-well aa l t aa – m ih r AA n oh)
Sr Consultant, Applications Development
emmanuel.altamir...@transunion.com
P: 312-985-3149 M: 312-860-3774
555 West Adams St | Chicago, IL 60661
transunion.com
Pronouns: He/Him

________________________________
From: Akash Bande <akash.bande.w...@gmail.com>
Sent: Thursday, February 13, 2025 7:26 AM
To: users@solr.apache.org <users@solr.apache.org>; secur...@solr.apache.org <secur...@solr.apache.org>
Cc: Altamirano, Emmanuel <emmanuel.altamir...@transunion.com>
Subject: Medium vulnerability CVE-2024-6763 found in org.eclipse.jetty:jetty-http 10.0.22

Hello Solr security team and users,

Our team found a medium-level vulnerability in a Checkmarx report for the dependency org.eclipse.jetty:jetty-http 10.0.22 in the solr-9.7.0 package.

Details of the reported vulnerability are as follows:

Id: CVE-2024-6763
Category: CWE-1286 | Improper Validation of Syntactic Correctness of Input
Dependency: org.eclipse.jetty:jetty-http 10.0.22

Can you please take note of it and suggest a remedy to us, if any?

Thanks and regards,
Akash Bande.