[ https://issues.apache.org/jira/browse/SOLR-17353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Høydahl reopened SOLR-17353:
--------------------------------
      Assignee: Jan Høydahl

> CVE for GoLang and Ubuntu
> -------------------------
>
>                 Key: SOLR-17353
>                 URL: https://issues.apache.org/jira/browse/SOLR-17353
>             Project: Solr
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 9.6
>            Reporter: Sujeet Hinge
>            Assignee: Jan Høydahl
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> During our recent security assessments, we have identified several 
> vulnerabilities in the SOLR 9.6.0 package related to Golang and Ubuntu 
> components. Given the potential risk to our systems, we are reaching out for 
> your expertise and support in addressing these issues promptly.
> *Ubuntu Vulnerabilities:*
> ·  CVE-2024-33599
> ·  CVE-2024-2236
> ·  CVE-2024-33600
> ·  CVE-2024-26462
> ·  CVE-2024-22916
> ·  CVE-2024-31879
> *Golang Vulnerabilities in SOLR 9.6.0:*
> ·  CVE-2023-29402
> ·  CVE-2023-24538
> ·  CVE-2022-23806
> ·  CVE-2021-38297
> ·  CVE-2023-29405
> ·  CVE-2023-29404
> ·  CVE-2023-24540
> ·  CVE-2023-39323
> ·  CVE-2022-30633
> ·  CVE-2023-24534
> ·  CVE-2022-29804
> ·  CVE-2022-30630
> ·  CVE-2023-24539
> ·  CVE-2022-2880
> ·  CVE-2023-45285
> ·  CVE-2021-41771
> ·  CVE-2023-45287
> ·  CVE-2022-30631
> ·  CVE-2022-23772
> The component impacted includes the Golang library with the hash sha256 
> 51611cdb452a872da14c789533d5aa5208d025f7d940c4367d140ca3b5e66d07. We 
> urgently need to understand the potential patches or mitigation strategies 
> you recommend, and the timeline for when these might be implemented in SOLR.


