[ https://issues.apache.org/jira/browse/SOLR-17303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Smiley resolved SOLR-17303. --------------------------------- Resolution: Invalid Solr doesn't use Avro. > CVE-2023-39410: Upgrade to apache-avro version 1.11.3 > ----------------------------------------------------- > > Key: SOLR-17303 > URL: https://issues.apache.org/jira/browse/SOLR-17303 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Components: security > Affects Versions: 9.6 > Reporter: Sujeet Hinge > Priority: Major > > CVE-2023-39410: Upgrade Apache-Avro version to 1.11.3 > When deserializing untrusted or corrupted data, it is possible for a reader > to consume memory beyond the allowed constraints and thus lead to out of > memory on the system. This issue affects Java applications using Apache Avro > Java SDK up to and including 1.11.2. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org