[ 
https://issues.apache.org/jira/browse/SOLR-17303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Smiley resolved SOLR-17303.
---------------------------------
    Resolution: Invalid

Solr doesn't use Avro.

> CVE-2023-39410: Upgrade to apache-avro version 1.11.3
> -----------------------------------------------------
>
>                 Key: SOLR-17303
>                 URL: https://issues.apache.org/jira/browse/SOLR-17303
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>    Affects Versions: 9.6
>            Reporter: Sujeet Hinge
>            Priority: Major
>
> CVE-2023-39410: Upgrade Apache-Avro version to 1.11.3
> When deserializing untrusted or corrupted data, it is possible for a reader 
> to consume memory beyond the allowed constraints and thus lead to out of 
> memory on the system.  This issue affects Java applications using Apache Avro 
> Java SDK up to and including 1.11.2. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to