[
https://issues.apache.org/jira/browse/SOLR-17833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18011444#comment-18011444
]
Piotr Karwasz commented on SOLR-17833:
--------------------------------------
Hi,
Could you please assign this issue to me?
This issue was created by a shell script I'm developing to automate the
creation of JIRA issues for vulnerabilities in dependencies distributed in the
{{solr-<version>.tgz}} archive. The long-term goal is to run this script
automatically whenever a new vulnerability affects one of the distributed
dependencies.
At the moment, I'm running the script manually, as I don’t have access to a
JIRA test instance. The script is designed to avoid noise by filtering out
false positives — such as vulnerabilities in test dependencies or Gradle
plugins — so you should only see issues that represent real concerns for
shipped artifacts.
Thanks!
> Assess exploitability of CVE-2024-7254 in dependency `protobuf-java`
> --------------------------------------------------------------------
>
> Key: SOLR-17833
> URL: https://issues.apache.org/jira/browse/SOLR-17833
> Project: Solr
> Issue Type: Task
> Reporter: Piotr Karwasz
> Priority: Major
> Labels: security
>
> h2. Vulnerability Assessment Request
> Please assess the exploitability of the following vulnerability in Apache
> Solr:
> * *Dependency*: `protobuf-java`
> * *CVE ID*: `CVE-2024-7254`
> * *GHSA ID*: `GHSA-735f-pc8j-v9w8`
> * *Severity*: `high`
> protobuf-java has potential Denial of Service issue
> h3. Context
> This issue was automatically created to track and assess the impact of the
> reported vulnerability on Apache Solr.
> Please provide your analysis and recommended actions.