[ https://issues.apache.org/jira/browse/SOLR-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Risden updated SOLR-13112:
--------------------------------
    Priority: Major  (was: Blocker)

> CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat
> Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind :
> 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...
> ---------------------------------------------------------------------------
>
>                 Key: SOLR-13112
>                 URL: https://issues.apache.org/jira/browse/SOLR-13112
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public)
>    Affects Versions: 7.6
>         Environment: RedHat Linux. May run from RHEL versions 5, 6 or 7
> but this issue is from Sonatype component scan and should be independent of
> Linux platform version.
>            Reporter: RobertHathaway
>            Assignee: Kevin Risden
>            Priority: Major
>
> We can't move to Solr 7 without fixing this issue flagged by Sonatype scan of
> Solr - 7.6.0 Build,
> Using Scanner 1.56.0-01
> Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core :
> jackson-databind : 2.9.6
> FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to
> execute arbitrary code by leveraging failure to block the slf4j-ext class
> from polymorphic deserialization.
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718