Does CVE-2020-27223 impact Solr 8.6.1
Hi everyone,

Sorry for the double post, as I posted this on the Solr mailing list too.

Does anyone know if CVE-2020-27223 [1] impacts Solr? This is a
vulnerability in jetty-http-9.4.27.v20200227.jar which we ship with Solr
8.6.1.

Thanks,

Steven

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-27223
Re: Does CVE-2020-27223 impact Solr 8.6.1
Hi,

Please see https://solr.apache.org/security.html for how to handle potential security issues responsibly.
From time to time we upgrade our Jetty dependencies, so feel free to file a public JIRA to upgrade Jetty in the next release.
Normally you'd not be vulnerable to this DoS attack since you would of course not expose the Solr servers to the internet or other hostile networks...

Jan

> On 10 Mar 2021, at 22:12, Steven White <swhite4141@gmail.com> wrote:
>
> Hi everyone,
>
> Sorry for the double post, as I posted this on the Solr mailing list too.
>
> Does anyone know if CVE-2020-27223 [1] impacts Solr? This is a vulnerability in jetty-http-9.4.27.v20200227.jar which we ship with Solr 8.6.1.
>
> Thanks,
>
> Steven
>
> [1] https://nvd.nist.gov/vuln/detail/CVE-2020-27223