CVEs (vulnerabilities) that apply to Solr 8.4.1

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

CVEs (vulnerabilities) that apply to Solr 8.4.1

Ahlberg, Christopher C.

Our TRM team (Technology Risk Management) has provided us with the attached vulnerabilities analysis for Solr 8.4.1, (security issues extracted below.)

 

Has anyone out there in the Solr community done anything to document workarounds or mitigations for any of these identified vulnerabilities in Solr 8.4.1?  Does anyone know if work to address these issues is happening for subsequent releases?

 

Any and all comments will be greatly appreciated!

 

From their analysis:

Security Issues

Threat Level     Problem Code              Component                                                                  Status

9                      sonatype-2019-0115      jQuery 1.7.1                                                                  Open

sonatype-2019-0115      com.carrotsearch.randomizedtesting : junit4-ant : 2.7.2    Open

CVE-2015-1832             org.apache.derby : derby : 10.9.1.0                                 Open

CVE-2015-1832             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2017-1000190        org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2019-0115      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2019-0494      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

8                      CVE-2019-10088            org.apache.tika : tika-core : 1.19.1                                  Open

CVE-2019-10088            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

7                      CVE-2012-0881             apache-xerces : xercesImpl : 2.9.1                                 Open

CVE-2013-4002             apache-xerces : xercesImpl : 2.9.1                                 Open

CVE-2019-14262            com.drewnoakes : metadata-extractor : 2.11.0                Open

CVE-2019-12402            org.apache.commons : commons-compress : 1.18          Open

CVE-2019-10094            org.apache.tika : tika-core : 1.19.1                                  Open

CVE-2012-0881             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2013-4002             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2014-0114             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-10094            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-12086            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-12402            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-14262            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-17558            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

6                      sonatype-2014-0026      jQuery 1.7.1                                                                  Open

sonatype-2014-0026      com.carrotsearch.randomizedtesting : junit4-ant : 2.7.2    Open

sonatype-2018-0330      org.apache.ant : ant : 1.8.2                                            Open

CVE-2018-17197            org.apache.tika : tika-core : 1.19.1                                  Open

CVE-2018-17197            org.apache.tika : tika-parsers : 1.19.1                             Open

CVE-2019-10093            org.apache.tika : tika-parsers : 1.19.1                             Open

sonatype-2018-0469      org.apache.zookeeper : zookeeper : 3.5.5                       Open

CVE-2018-17197            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-10093            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2014-0026      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2018-0330      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

5                      CVE-2009-2625             apache-xerces : xercesImpl : 2.9.1                                 Open

sonatype-2017-0348      apache-xerces : xercesImpl : 2.9.1                                 Open

sonatype-2012-0050      commons-codec : commons-codec : 1.11                       Open

sonatype-2014-0173      commons-fileupload : commons-fileupload : 1.3.3           Open

sonatype-2020-0026      io.netty : netty-handler : 4.1.29.Final                               Open

CVE-2012-2098             org.apache.ant : ant : 1.8.2                                            Open

CVE-2019-12415            org.apache.poi : poi-ooxml : 4.0.0                                  Open

CVE-2018-8010             org.apache.solr : solr-core : 8.4.1                                   Open

CVE-2009-2625             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2012-2098             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2018-8010             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-12415            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2012-0050      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2014-0173      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2017-0348      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

4                      sonatype-2017-0492      com.sun.mail : javax.mail : 1.5.1                                     Open

sonatype-2017-0492      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

 

 

Christopher Ahlberg

Director

Middleware Plat & Foundation

DTCC New York

+1 212 855-3995 | [hidden email]

 

Visit us at www.dtcc.com or connect with us on LinkedIn, Twitter, Facebook and YouTube.

To learn about career opportunities at DTCC, please visit careers.dtcc.com.

 

DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
Reply | Threaded
Open this post in threaded view
|

Re: CVEs (vulnerabilities) that apply to Solr 8.4.1

Kevin Risden-3
https://lucene.apache.org/solr/security.html

The security page on the Solr website has details about how to report security items. It also has a link to the wiki page with details about some of these that are false positives.

Each version of Solr has dependency updates and addresses different dependency CVEs as they are reported and detected. I haven't looked through what was shared specifically but Solr 8.5 which is under vote addresses at least a few dependency upgrades.

Kevin Risden


On Fri, Mar 20, 2020 at 10:23 AM Ahlberg, Christopher C. <[hidden email]> wrote:

Our TRM team (Technology Risk Management) has provided us with the attached vulnerabilities analysis for Solr 8.4.1, (security issues extracted below.)

 

Has anyone out there in the Solr community done anything to document workarounds or mitigations for any of these identified vulnerabilities in Solr 8.4.1?  Does anyone know if work to address these issues is happening for subsequent releases?

 

Any and all comments will be greatly appreciated!

 

From their analysis:

Security Issues

Threat Level     Problem Code              Component                                                                  Status

9                      sonatype-2019-0115      jQuery 1.7.1                                                                  Open

sonatype-2019-0115      com.carrotsearch.randomizedtesting : junit4-ant : 2.7.2    Open

CVE-2015-1832             org.apache.derby : derby : 10.9.1.0                                 Open

CVE-2015-1832             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2017-1000190        org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2019-0115      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2019-0494      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

8                      CVE-2019-10088            org.apache.tika : tika-core : 1.19.1                                  Open

CVE-2019-10088            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

7                      CVE-2012-0881             apache-xerces : xercesImpl : 2.9.1                                 Open

CVE-2013-4002             apache-xerces : xercesImpl : 2.9.1                                 Open

CVE-2019-14262            com.drewnoakes : metadata-extractor : 2.11.0                Open

CVE-2019-12402            org.apache.commons : commons-compress : 1.18          Open

CVE-2019-10094            org.apache.tika : tika-core : 1.19.1                                  Open

CVE-2012-0881             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2013-4002             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2014-0114             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-10094            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-12086            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-12402            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-14262            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-17558            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

6                      sonatype-2014-0026      jQuery 1.7.1                                                                  Open

sonatype-2014-0026      com.carrotsearch.randomizedtesting : junit4-ant : 2.7.2    Open

sonatype-2018-0330      org.apache.ant : ant : 1.8.2                                            Open

CVE-2018-17197            org.apache.tika : tika-core : 1.19.1                                  Open

CVE-2018-17197            org.apache.tika : tika-parsers : 1.19.1                             Open

CVE-2019-10093            org.apache.tika : tika-parsers : 1.19.1                             Open

sonatype-2018-0469      org.apache.zookeeper : zookeeper : 3.5.5                       Open

CVE-2018-17197            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-10093            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2014-0026      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2018-0330      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

5                      CVE-2009-2625             apache-xerces : xercesImpl : 2.9.1                                 Open

sonatype-2017-0348      apache-xerces : xercesImpl : 2.9.1                                 Open

sonatype-2012-0050      commons-codec : commons-codec : 1.11                       Open

sonatype-2014-0173      commons-fileupload : commons-fileupload : 1.3.3           Open

sonatype-2020-0026      io.netty : netty-handler : 4.1.29.Final                               Open

CVE-2012-2098             org.apache.ant : ant : 1.8.2                                            Open

CVE-2019-12415            org.apache.poi : poi-ooxml : 4.0.0                                  Open

CVE-2018-8010             org.apache.solr : solr-core : 8.4.1                                   Open

CVE-2009-2625             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2012-2098             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2018-8010             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

CVE-2019-12415            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2012-0050      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2014-0173      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

sonatype-2017-0348      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

4                      sonatype-2017-0492      com.sun.mail : javax.mail : 1.5.1                                     Open

sonatype-2017-0492      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open

 

 

Christopher Ahlberg

Director

Middleware Plat & Foundation

DTCC New York

+1 212 855-3995 | [hidden email]

 

Visit us at www.dtcc.com or connect with us on LinkedIn, Twitter, Facebook and YouTube.

To learn about career opportunities at DTCC, please visit careers.dtcc.com.

 

DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
Reply | Threaded
Open this post in threaded view
|

RE: CVEs (vulnerabilities) that apply to Solr 8.4.1

Ahlberg, Christopher C.
Thanks for the link Kevin!  We’ll check it out.

From: Kevin Risden <[hidden email]>
Sent: Friday, March 20, 2020 11:40 AM
To: [hidden email]
Cc: Canzoneri, Salvatore A. <[hidden email]>; All Team Cache and Search Engineering Personnel <[hidden email]>; Tuch, Barry S. <[hidden email]>; Brenenson, Aryeh <[hidden email]>
Subject: Re: CVEs (vulnerabilities) that apply to Solr 8.4.1

ATTENTION! This email originated outside of DTCC; exercise caution.
https://lucene.apache.org/solr/security.html<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flucene.apache.org%2Fsolr%2Fsecurity.html&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125523016&sdata=IJmuZAuHrS2x8miKoDXv9QJrwWfC7ovylPYQifzE6TE%3D&reserved=0>

The security page on the Solr website has details about how to report security items. It also has a link to the wiki page with details about some of these that are false positives.

Each version of Solr has dependency updates and addresses different dependency CVEs as they are reported and detected. I haven't looked through what was shared specifically but Solr 8.5 which is under vote addresses at least a few dependency upgrades.

Kevin Risden


On Fri, Mar 20, 2020 at 10:23 AM Ahlberg, Christopher C. <[hidden email]<mailto:[hidden email]>> wrote:
Our TRM team (Technology Risk Management) has provided us with the attached vulnerabilities analysis for Solr 8.4.1, (security issues extracted below.)

Has anyone out there in the Solr community done anything to document workarounds or mitigations for any of these identified vulnerabilities in Solr 8.4.1?  Does anyone know if work to address these issues is happening for subsequent releases?

Any and all comments will be greatly appreciated!

From their analysis:
Security Issues
Threat Level     Problem Code              Component                                                                  Status
9                      sonatype-2019-0115      jQuery 1.7.1                                                                  Open
sonatype-2019-0115      com.carrotsearch.randomizedtesting : junit4-ant : 2.7.2    Open
CVE-2015-1832<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2015-1832&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125528005&sdata=4gsGjYQL5%2Bf2zIXrdInQBMaOckjdYvvXBPSTr3MXw0c%3D&reserved=0>             org.apache.derby : derby : 10.9.1.0                                 Open
CVE-2015-1832<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2015-1832&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125533000&sdata=YU6491OMPqfmMf0ZAbDEq8rhjC1Mw%2FCyyof%2FkcjBNe0%3D&reserved=0>             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
CVE-2017-1000190<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2017-1000190&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125533000&sdata=i3nGuv36on8NbmOEBKJ%2Bnad%2Fko7PoAC6K%2BaoF0SkjBA%3D&reserved=0>        org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
sonatype-2019-0115      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
sonatype-2019-0494      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
8                      CVE-2019-10088<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-10088&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125537989&sdata=rKMrNAzgy3sLcY%2FSLcrxTpskQO02Z0BXG2o0yq5gfPY%3D&reserved=0>            org.apache.tika : tika-core : 1.19.1                                  Open
CVE-2019-10088<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-10088&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125542979&sdata=K6E34epNshx54%2F0mpoHnrXgqdoXynZskQAOaPmaxeXE%3D&reserved=0>            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
7                      CVE-2012-0881<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2012-0881&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125547970&sdata=uTrUqgQTgole3uF9bSx1TfRbzbCAdLPNLPIiAi0B928%3D&reserved=0>             apache-xerces : xercesImpl : 2.9.1                                 Open
CVE-2013-4002 <https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2013-4002&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125552960&sdata=FVOOrKlN4Z8h%2FISN5e6tr31iOT3nkXHWHlng2iolxXY%3D&reserved=0>             apache-xerces : xercesImpl : 2.9.1                                 Open
CVE-2019-14262<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-14262&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125557952&sdata=FlHdk9W6N7v9dncGwDjjFRi6xnDqLECfdVXZFCH7HN8%3D&reserved=0>            com.drewnoakes : metadata-extractor : 2.11.0                Open
CVE-2019-12402<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-12402&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125562942&sdata=TS7hYSYWz4bXtymZ%2BBhktHmUTCzLVdgMC2am48SAY6g%3D&reserved=0>            org.apache.commons : commons-compress : 1.18          Open
CVE-2019-10094<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-10094&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125562942&sdata=E8MA6l8%2Fo%2BcLV%2BcvaKg%2BK23YDvCqBnuxkgAle9JgVdE%3D&reserved=0>            org.apache.tika : tika-core : 1.19.1                                  Open
CVE-2012-0881 <https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2012-0881&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125567935&sdata=rOstnFGSS%2FKMSzxTD8TLF7CFKc9GZ9Of%2F3k1HSbjFVk%3D&reserved=0>             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
CVE-2013-4002 <https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2013-4002&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125572922&sdata=KxItVC%2FLu8wOy4lqG3XF%2F4w2vR%2F8zfI%2FZIuPN4dYQAs%3D&reserved=0>             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
CVE-2014-0114 <https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2014-0114&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125577918&sdata=frbSXFS2FM6%2BM49io9ZytA3BaBAIdeU6tEf9ZrFe0Fc%3D&reserved=0>             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
CVE-2019-10094<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-10094&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125582912&sdata=uzrVIdRRK4vkp2lNXLbxMRtgi4XmmM4Hz%2BFtlYY3stc%3D&reserved=0>            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
CVE-2019-12086<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-12086&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125587899&sdata=yHb4X8vRbQ5MIXcg%2B9gQarLIAix2VhUTNKBQo%2Fq1EqU%3D&reserved=0>            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
CVE-2019-12402<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-12402&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125592886&sdata=ysN%2BWmvQBnit%2BmFJjo8ag%2FlTNlmTcT8RI9Zt4co%2BFnM%3D&reserved=0>            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
CVE-2019-14262<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-14262&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125597878&sdata=s5LpEQR95mPBIW%2BN5jJlBAFdeff4v5gf6NQ2QMdq62g%3D&reserved=0>            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
CVE-2019-17558<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-17558&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125597878&sdata=UwQBmBKwGGi5ZvNZGJMGQNSgGIgbU6ZSb7ovUA0W%2BHw%3D&reserved=0>            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
6                      sonatype-2014-0026      jQuery 1.7.1                                                                  Open
sonatype-2014-0026      com.carrotsearch.randomizedtesting : junit4-ant : 2.7.2    Open
sonatype-2018-0330      org.apache.ant : ant : 1.8.2                                            Open
CVE-2018-17197<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-17197&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125602867&sdata=edPYkYi4Vw9dKtpSpvVGGMbQSa961kN2dsDViiZtVtg%3D&reserved=0>            org.apache.tika : tika-core : 1.19.1                                  Open
CVE-2018-17197<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-17197&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125607867&sdata=wbFTbRi2SbKOfOEOsj30EI2CIkeFzcCcf7wpFHfrrtE%3D&reserved=0>            org.apache.tika : tika-parsers : 1.19.1                             Open
CVE-2019-10093            org.apache.tika : tika-parsers : 1.19.1                             Open
sonatype-2018-0469      org.apache.zookeeper : zookeeper : 3.5.5                       Open
CVE-2018-17197<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-17197&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125612848&sdata=i%2BfPUtFIohI0hzxooeMqWjkJly9RNIlBwx10Lku%2FiWM%3D&reserved=0>            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
CVE-2019-10093<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-10093&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125617838&sdata=dU5DJ%2FbBbA%2FBD2mkgCJGgjBrULxmfz6ydEcq0GG%2FHc0%3D&reserved=0>            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
sonatype-2014-0026      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
sonatype-2018-0330      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
5                      CVE-2009-2625 <https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2009-2625&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125622829&sdata=HUosJHgqV62bHiBU5or%2FA4c8%2FyqeQ7aiioS8ndGQ9G0%3D&reserved=0>             apache-xerces : xercesImpl : 2.9.1                                 Open
sonatype-2017-0348      apache-xerces : xercesImpl : 2.9.1                                 Open
sonatype-2012-0050      commons-codec : commons-codec : 1.11                       Open
sonatype-2014-0173      commons-fileupload : commons-fileupload : 1.3.3           Open
sonatype-2020-0026      io.netty : netty-handler : 4.1.29.Final                               Open
CVE-2012-2098 <https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2012-2098&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125622829&sdata=m6K5AKWvd0pV7JNwkOoOeiR6LSXmR7Kuf24OEc%2FKc3M%3D&reserved=0>             org.apache.ant : ant : 1.8.2                                            Open
CVE-2019-12415<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-12415&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125627820&sdata=38kz1ASMA4sex2gcsTwsUAhBDjiahknFNz8aKTr7eqE%3D&reserved=0>            org.apache.poi : poi-ooxml : 4.0.0                                  Open
CVE-2018-8010 <https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-8010&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125632809&sdata=ly1OxhFzgbpifmREPzifgdkEAphZaPGQH2NWMxjNCNQ%3D&reserved=0>             org.apache.solr : solr-core : 8.4.1                                   Open
CVE-2009-2625 <https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2009-2625&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125637801&sdata=v0XoyRxGsIKXEvCl9fEwjvUzUiSK%2FhgmZyIAdURKViU%3D&reserved=0>             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
CVE-2012-2098 <https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2012-2098&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125642791&sdata=M1Fo8bwZ7fNTpu%2Fk%2BYo2BLmJkNcY8s4WDenZjSrDoGI%3D&reserved=0>             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
CVE-2018-8010 <https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-8010&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125647787&sdata=0j7Dk3gUHwt7iAWaBbhRr7wuZIJxs22NgA1pjH7MuLU%3D&reserved=0>             org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
CVE-2019-12415<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-12415&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125647787&sdata=h8AHo%2BnP0vRNQJ2SqDVYiycRGr92ke1c2%2FOCHhvqK8c%3D&reserved=0>            org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
sonatype-2012-0050      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
sonatype-2014-0173      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
sonatype-2017-0348      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open
4                      sonatype-2017-0492      com.sun.mail : javax.mail : 1.5.1                                     Open
sonatype-2017-0492      org.ikasan : ikasan-solr-distribution : zip : 3.0.0                Open


Christopher Ahlberg
Director
Middleware Plat & Foundation
DTCC New York
+1 212 855-3995 | [hidden email]<mailto:[hidden email]>
[cid:170f896f3365b16b21]

Visit us at www.dtcc.com<http://www.dtcc.com/> or connect with us on LinkedIn<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F6915%3Ftrk%3Dtyah%26trkInfo%3DclickedVertical%253Acompany%252CclickedEntityId%253A6915%252Cidx%253A4-2-11%252CtarId%253A1469742786610%252Ctas%253Adtcc&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125657768&sdata=g9xpAi5H4fTgpVkDiKbJ6ggQFH7Kf%2FLDlEVTzb%2FaZHk%3D&reserved=0>, Twitter<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FThe_DTCC&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125657768&sdata=pK5utUdFjq0Ig%2FcWBf1mWVORQwyAPrJ%2BbM3%2FBVhA6vI%3D&reserved=0>, Facebook<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Fthedtcc&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125662763&sdata=L%2FNP%2BVwr6Q0mU0mebBJqqCGkR4neUoywy%2BRgiPOMX4g%3D&reserved=0> and YouTube<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCi4dnJzd498IvBqP3wnUqpA&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125667745&sdata=i1golbJSTf%2FbDJW%2FsrpqoO04I69JI%2F7SIJUqIAHrDoI%3D&reserved=0>.
To learn about career opportunities at DTCC, please visit careers.dtcc.com<http://careers.dtcc.com/>.

DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.