[jira] [Created] (SOLR-13755) vulnerable jackson-databind jar

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Created] (SOLR-13755) vulnerable jackson-databind jar

Clark Perkins (Jira)
Vijay Telu created SOLR-13755:
---------------------------------

             Summary: vulnerable jackson-databind jar
                 Key: SOLR-13755
                 URL: https://issues.apache.org/jira/browse/SOLR-13755
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Vijay Telu


the SOLR 7.7.2 and 8.2 having vulnerable jackson-databind.jar
org.apache.solr-7.7.1/server/solr-webapp/webapp/WEB-INF/lib/jackson-databind-2.9.8.jar
 
/data/solr/lib/jackson-databind-2.9.8.jar
 
*CVE-2019-14379*
CVSSv3: CRITICAL (9.8)
 



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]