Hey Guys, Our team is using Solr 8.4.1 in a kubernetes cluster using the public image from docker hub. The containers before getting deployed to the cluster get whitescanned and it lists all the CVEs in the container. This is list of CVE we have for Solr
CVE-2020-11619, CVE-2020-11620, CVE-2020-8840, CVE-2019-10088, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195, CVE-2019-10094, CVE-2019-12402 Most of the CVEs are because of the old version of Jackson-databind, and it has been fixed in the 2.9.10.4 version. So what would be the best way to report this and to get it fixed? CVE is a list of entries — each containing an identification number, a description, and at least one public reference — for publicly known cybersecurity vulnerabilities. -- Regards: Pinkesh Sharma