[ https://issues.apache.org/jira/browse/SOLR-16572?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kira Traynor resolved SOLR-16572. --------------------------------- Resolution: Duplicate > Update FasterXML Woodstox Dependency for CVE-2022-40153 > ------------------------------------------------------- > > Key: SOLR-16572 > URL: https://issues.apache.org/jira/browse/SOLR-16572 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Affects Versions: 9.0, 8.11.2, main (10.0) > Reporter: Kira Traynor > Priority: Major > > There are CVEs associated with the com.fasterxml.woodstox:woodstox-core > dependency. The current version of this dependency in Solr is 6.2.8 and the > vulnerabilities are fixed in 6.4.0. > All the CVEs related to woodstox-core version 6.2.8: > [CVE-2022-40156|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40156] > [CVE-2022-40155|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40155] > [CVE-2022-40154|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40154] > [CVE-2022-40153|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40153] -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org