[ https://issues.apache.org/jira/browse/SOLR-15530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Cassandra Targett resolved SOLR-15530. -------------------------------------- Resolution: Not A Problem The CVEs listed here are included on the list of jackson-databind CVEs which are not exploitable by Solr: https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools > High security vulnerability in jackson-databind bundled within Solr 8.9 > ----------------------------------------------------------------------- > > Key: SOLR-15530 > URL: https://issues.apache.org/jira/browse/SOLR-15530 > Project: Solr > Issue Type: Bug > Affects Versions: 8.9 > Reporter: WCM RnD > Priority: Critical > > High security vulnerability has been reported in jackson_databind bundled > within SOLR 8.9, few with CVSS score of 9.8: > > |CVE-2018-7489|9.8|critical|fixed in 2.9.5, 2.8.11.1, 2.7.9.3| > |com.fasterxml.jackson.core_jackson-databind_2.4.0| > |CVE-2020-35490|8.1|high|*fixed in 2.9.10.8*| > |com.fasterxml.jackson.core_jackson-databind_2.4.0| > |CVE-2020-35491|8.1|high|*fixed in 2.9.10.8*| > |com.fasterxml.jackson.core_jackson-databind_2.4.0| > > > -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org