[jira] [Resolved] (SOLR-16572) Update FasterXML Woodstox Dependency for CVE-2022-40153

Kira Traynor (Jira) Fri, 02 Dec 2022 11:23:07 -0800


     [ 
https://issues.apache.org/jira/browse/SOLR-16572?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Kira Traynor resolved SOLR-16572.
---------------------------------
    Resolution: Duplicate

> Update FasterXML Woodstox Dependency for CVE-2022-40153
> -------------------------------------------------------
>
>                 Key: SOLR-16572
>                 URL: https://issues.apache.org/jira/browse/SOLR-16572
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 9.0, 8.11.2, main (10.0)
>            Reporter: Kira Traynor
>            Priority: Major
>
> There are CVEs associated with the com.fasterxml.woodstox:woodstox-core 
> dependency. The current version of this dependency in Solr is 6.2.8 and the 
> vulnerabilities are fixed in 6.4.0. 
> All the CVEs related to woodstox-core version 6.2.8:
> [CVE-2022-40156|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40156]
> [CVE-2022-40155|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40155]
> [CVE-2022-40154|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40154]
> [CVE-2022-40153|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40153]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

[jira] [Resolved] (SOLR-16572) Update FasterXML Woodstox Dependency for CVE-2022-40153

Reply via email to