Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Invalid
-
9.6
-
None
Description
During our recent security assessments, we have identified several vulnerabilities in the SOLR 9.6.0 package related to Golang and Ubuntu components. Given the potential risk to our systems, we are reaching out for your expertise and support in addressing these issues promptly.
Ubuntu Vulnerabilities:
· CVE-2024-33599
· CVE-2024-2236
· CVE-2024-33600
· CVE-2024-26462
· CVE-2024-22916
· CVE-2024-31879
Golang Vulnerabilities in SOLR 9.6.0:
· CVE-2023-29402
· CVE-2023-24538
· CVE-2022-23806
· CVE-2021-38297
· CVE-2023-29405
· CVE-2023-29404
· CVE-2023-24540
· CVE-2023-39323
· CVE-2022-30633
· CVE-2023-24534
· CVE-2022-29804
· CVE-2022-30630
· CVE-2023-24539
· CVE-2022-2880
· CVE-2023-45285
· CVE-2021-41771
· CVE-2023-45287
· CVE-2022-30631
· CVE-2022-23772
The component impacted includes the Golang library with the hash sha256 51611cdb452a872da14c789533d5aa5208d025f7d940c4367d140ca3b5e66d07. We urgently need to understand the potential patches or mitigation strategies you recommend, and the timeline for when these might be implemented in SOLR.
Attachments
Issue Links
- links to