Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-16572

Update FasterXML Woodstox Dependency for CVE-2022-40153

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 9.0, 8.11.2, main (10.0)
    • None
    • None
    • None

    Description

      There are CVEs associated with the com.fasterxml.woodstox:woodstox-core dependency. The current version of this dependency in Solr is 6.2.8 and the vulnerabilities are fixed in 6.4.0. 

      All the CVEs related to woodstox-core version 6.2.8:

      CVE-2022-40156
      CVE-2022-40155
      CVE-2022-40154
      CVE-2022-40153

      Attachments

        Issue Links

          duplicates

          Task - A task that needs to be done. SOLR-16568 Update woodstox-core to 6.4.0 to mitigate CVE-2022-40152

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              Unassigned Unassigned
              kiratraynor Kira Traynor
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: