Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-17353

CVE for GoLang and Ubuntu

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Invalid
    • 9.6
    • None
    • security

    Description

      During our recent security assessments, we have identified several vulnerabilities in the SOLR 9.6.0 package related to Golang and Ubuntu components. Given the potential risk to our systems, we are reaching out for your expertise and support in addressing these issues promptly.

      Ubuntu Vulnerabilities:

      ·  CVE-2024-33599

      ·  CVE-2024-2236

      ·  CVE-2024-33600

      ·  CVE-2024-26462

      ·  CVE-2024-22916

      ·  CVE-2024-31879

      Golang Vulnerabilities in SOLR 9.6.0:

      ·  CVE-2023-29402

      ·  CVE-2023-24538

      ·  CVE-2022-23806

      ·  CVE-2021-38297

      ·  CVE-2023-29405

      ·  CVE-2023-29404

      ·  CVE-2023-24540

      ·  CVE-2023-39323

      ·  CVE-2022-30633

      ·  CVE-2023-24534

      ·  CVE-2022-29804

      ·  CVE-2022-30630

      ·  CVE-2023-24539

      ·  CVE-2022-2880

      ·  CVE-2023-45285

      ·  CVE-2021-41771

      ·  CVE-2023-45287

      ·  CVE-2022-30631

      ·  CVE-2022-23772

      The component impacted includes the Golang library with the hash sha256 51611cdb452a872da14c789533d5aa5208d025f7d940c4367d140ca3b5e66d07. We urgently need to understand the potential patches or mitigation strategies you recommend, and the timeline for when these might be implemented in SOLR.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              sujeet-hinge Sujeet Hinge
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m