CVEs (vulnerabilities) that apply to Solr 8.4.1
コピーリンク
Our TRM team (Technology Risk Management) has provided us with the attached vulnerabilities analysis for Solr 8.4.1, (security issues extracted below.)
Has anyone out there in the Solr community done anything to document workarounds or mitigations for any of these identified vulnerabilities in Solr 8.4.1? Does anyone know if work to address these issues is happening for subsequent releases?
Any and all comments will be greatly appreciated!
From their analysis:
Security Issues
Threat Level Problem Code Component Status
9 sonatype-2019-0115 jQuery 1.7.1 Open
sonatype-2019-0115 com.carrotsearch.randomizedtesting : junit4-ant : 2.7.2 Open
CVE-2015-1832http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1832 org.apache.derby : derby : 10.9.1.0 Open
CVE-2015-1832http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1832 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2017-1000190http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000190 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2019-0115 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2019-0494 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
8 CVE-2019-10088http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10088 org.apache.tika : tika-core : 1.19.1 Open
CVE-2019-10088http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10088 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
7 CVE-2012-0881http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881 apache-xerces : xercesImpl : 2.9.1 Open
CVE-2013-4002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002 apache-xerces : xercesImpl : 2.9.1 Open
CVE-2019-14262http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14262 com.drewnoakes : metadata-extractor : 2.11.0 Open
CVE-2019-12402http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402 org.apache.commons : commons-compress : 1.18 Open
CVE-2019-10094http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10094 org.apache.tika : tika-core : 1.19.1 Open
CVE-2012-0881 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2013-4002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2014-0114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-10094http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10094 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-12086http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-12402http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-14262http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14262 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-17558http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17558 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
6 sonatype-2014-0026 jQuery 1.7.1 Open
sonatype-2014-0026 com.carrotsearch.randomizedtesting : junit4-ant : 2.7.2 Open
sonatype-2018-0330 org.apache.ant : ant : 1.8.2 Open
CVE-2018-17197http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197 org.apache.tika : tika-core : 1.19.1 Open
CVE-2018-17197http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197 org.apache.tika : tika-parsers : 1.19.1 Open
CVE-2019-10093 org.apache.tika : tika-parsers : 1.19.1 Open
sonatype-2018-0469 org.apache.zookeeper : zookeeper : 3.5.5 Open
CVE-2018-17197http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-10093http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10093 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2014-0026 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2018-0330 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
5 CVE-2009-2625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 apache-xerces : xercesImpl : 2.9.1 Open
sonatype-2017-0348 apache-xerces : xercesImpl : 2.9.1 Open
sonatype-2012-0050 commons-codec : commons-codec : 1.11 Open
sonatype-2014-0173 commons-fileupload : commons-fileupload : 1.3.3 Open
sonatype-2020-0026 io.netty : netty-handler : 4.1.29.Final Open
CVE-2012-2098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 org.apache.ant : ant : 1.8.2 Open
CVE-2019-12415http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415 org.apache.poi : poi-ooxml : 4.0.0 Open
CVE-2018-8010 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8010 org.apache.solr : solr-core : 8.4.1 Open
CVE-2009-2625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2012-2098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2018-8010 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8010 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-12415http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2012-0050 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2014-0173 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2017-0348 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
4 sonatype-2017-0492 com.sun.mail : javax.mail : 1.5.1 Open
sonatype-2017-0492 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
Christopher Ahlberg
Director
Middleware Plat & Foundation
DTCC New York
+1 212 855-3995 | cahlberg@dtcc.comname@dtcc.com
[cid:image002.png@01D5FEA1.80E1F760]
Visit us at www.dtcc.comhttp://www.dtcc.com or connect with us on LinkedInhttps://www.linkedin.com/company/6915?trk=tyah&trkInfo=clickedVertical%3Acompany%2CclickedEntityId%3A6915%2Cidx%3A4-2-11%2CtarId%3A1469742786610%2Ctas%3Adtcc, Twitterhttps://twitter.com/The_DTCC, Facebookhttps://www.facebook.com/thedtcc and YouTubehttps://www.youtube.com/channel/UCi4dnJzd498IvBqP3wnUqpA.
To learn about career opportunities at DTCC, please visit careers.dtcc.comhttp://careers.dtcc.com/.
DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
添付ファイル:
https://lucene.apache.org/solr/security.html
The security page on the Solr website has details about how to report
security items. It also has a link to the wiki page with details about some
of these that are false positives.
Each version of Solr has dependency updates and addresses different
dependency CVEs as they are reported and detected. I haven't looked through
what was shared specifically but Solr 8.5 which is under vote addresses at
least a few dependency upgrades.
Kevin Risden
On Fri, Mar 20, 2020 at 10:23 AM Ahlberg, Christopher C. cahlberg@dtcc.com
wrote:
Our TRM team (Technology Risk Management) has provided us with the
attached vulnerabilities analysis for Solr 8.4.1, (security issues
extracted below.)Has anyone out there in the Solr community done anything to document
workarounds or mitigations for any of these identified vulnerabilities in
Solr 8.4.1? Does anyone know if work to address these issues is happening
for subsequent releases?Any and all comments will be greatly appreciated!
From their analysis:
Security Issues
Threat Level Problem Code
Component
Status9 sonatype-2019-0115 jQuery
1.7.1 Opensonatype-2019-0115 com.carrotsearch.randomizedtesting : junit4-ant :
2.7.2 OpenCVE-2015-1832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1832 org.apache.derby
: derby : 10.9.1.0 OpenCVE-2015-1832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1832 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 OpenCVE-2017-1000190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000190 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 Opensonatype-2019-0115 org.ikasan : ikasan-solr-distribution : zip :
3.0.0 Opensonatype-2019-0494 org.ikasan : ikasan-solr-distribution : zip :
3.0.0 Open8 CVE-2019-10088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10088 org.apache.tika
: tika-core : 1.19.1 OpenCVE-2019-10088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10088 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 Open7 CVE-2012-0881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881 apache-xerces
: xercesImpl : 2.9.1 OpenCVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002 apache-xerces
: xercesImpl : 2.9.1 OpenCVE-2019-14262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14262 com.drewnoakes
: metadata-extractor : 2.11.0 OpenCVE-2019-12402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402 org.apache.commons
: commons-compress : 1.18 OpenCVE-2019-10094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10094 org.apache.tika
: tika-core : 1.19.1 OpenCVE-2012-0881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 OpenCVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 OpenCVE-2014-0114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 OpenCVE-2019-10094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10094 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 OpenCVE-2019-12086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 OpenCVE-2019-12402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 OpenCVE-2019-14262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14262 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 OpenCVE-2019-17558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17558 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 Open6 sonatype-2014-0026 jQuery
1.7.1 Opensonatype-2014-0026 com.carrotsearch.randomizedtesting : junit4-ant :
2.7.2 Opensonatype-2018-0330 org.apache.ant : ant :
1.8.2 OpenCVE-2018-17197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197 org.apache.tika
: tika-core : 1.19.1 OpenCVE-2018-17197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197 org.apache.tika
: tika-parsers : 1.19.1 OpenCVE-2019-10093 org.apache.tika : tika-parsers :
1.19.1 Opensonatype-2018-0469 org.apache.zookeeper : zookeeper :
3.5.5 OpenCVE-2018-17197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17197 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 OpenCVE-2019-10093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10093 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 Opensonatype-2014-0026 org.ikasan : ikasan-solr-distribution : zip :
3.0.0 Opensonatype-2018-0330 org.ikasan : ikasan-solr-distribution : zip :
3.0.0 Open5 CVE-2009-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 apache-xerces
: xercesImpl : 2.9.1 Opensonatype-2017-0348 apache-xerces : xercesImpl :
2.9.1 Opensonatype-2012-0050 commons-codec : commons-codec :
1.11 Opensonatype-2014-0173 commons-fileupload : commons-fileupload :
1.3.3 Opensonatype-2020-0026 io.netty : netty-handler :
4.1.29.Final OpenCVE-2012-2098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 org.apache.ant
: ant : 1.8.2 OpenCVE-2019-12415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415 org.apache.poi
: poi-ooxml : 4.0.0 OpenCVE-2018-8010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8010 org.apache.solr
: solr-core : 8.4.1 OpenCVE-2009-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 OpenCVE-2012-2098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 OpenCVE-2018-8010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8010 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 OpenCVE-2019-12415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12415 org.ikasan
: ikasan-solr-distribution : zip : 3.0.0 Opensonatype-2012-0050 org.ikasan : ikasan-solr-distribution : zip :
3.0.0 Opensonatype-2014-0173 org.ikasan : ikasan-solr-distribution : zip :
3.0.0 Opensonatype-2017-0348 org.ikasan : ikasan-solr-distribution : zip :
3.0.0 Open4 sonatype-2017-0492 com.sun.mail :
javax.mail : 1.5.1 Opensonatype-2017-0492 org.ikasan : ikasan-solr-distribution : zip :
3.0.0 OpenChristopher Ahlberg
Director
Middleware Plat & Foundation
DTCC New York
+1 212 855-3995 | cahlberg@dtcc.com name@dtcc.com
Visit us at www.dtcc.com or connect with us on LinkedIn
https://www.linkedin.com/company/6915?trk=tyah&trkInfo=clickedVertical%3Acompany%2CclickedEntityId%3A6915%2Cidx%3A4-2-11%2CtarId%3A1469742786610%2Ctas%3Adtcc,
Twitter https://twitter.com/The_DTCC, Facebook
https://www.facebook.com/thedtcc and YouTube
https://www.youtube.com/channel/UCi4dnJzd498IvBqP3wnUqpA.To learn about career opportunities at DTCC, please visit careers.dtcc.com
.DTCC DISCLAIMER: This email and any files transmitted with it are
confidential and intended solely for the use of the individual or entity to
whom they are addressed. If you have received this email in error, please
notify us immediately and delete the email and any attachments from your
system. The recipient should check this email and any attachments for the
presence of viruses. The company accepts no liability for any damage caused
by any virus transmitted by this email.
Thanks for the link Kevin! We’ll check it out.
From: Kevin Risden krisden@apache.org
Sent: Friday, March 20, 2020 11:40 AM
To: solr-user@lucene.apache.org
Cc: Canzoneri, Salvatore A. SCanzoneri@dtcc.com; All Team Cache and Search Engineering Personnel cacheandsearchengineering@dtcc.com; Tuch, Barry S. btuch@dtcc.com; Brenenson, Aryeh abrenenson@dtcc.com
Subject: Re: CVEs (vulnerabilities) that apply to Solr 8.4.1
ATTENTION! This email originated outside of DTCC; exercise caution.
https://lucene.apache.org/solr/security.htmlhttps://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flucene.apache.org%2Fsolr%2Fsecurity.html&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125523016&sdata=IJmuZAuHrS2x8miKoDXv9QJrwWfC7ovylPYQifzE6TE%3D&reserved=0
The security page on the Solr website has details about how to report security items. It also has a link to the wiki page with details about some of these that are false positives.
Each version of Solr has dependency updates and addresses different dependency CVEs as they are reported and detected. I haven't looked through what was shared specifically but Solr 8.5 which is under vote addresses at least a few dependency upgrades.
Kevin Risden
On Fri, Mar 20, 2020 at 10:23 AM Ahlberg, Christopher C. cahlberg@dtcc.com> wrote:
Our TRM team (Technology Risk Management) has provided us with the attached vulnerabilities analysis for Solr 8.4.1, (security issues extracted below.)
Has anyone out there in the Solr community done anything to document workarounds or mitigations for any of these identified vulnerabilities in Solr 8.4.1? Does anyone know if work to address these issues is happening for subsequent releases?
Any and all comments will be greatly appreciated!
From their analysis:
Security Issues
Threat Level Problem Code Component Status
9 sonatype-2019-0115 jQuery 1.7.1 Open
sonatype-2019-0115 com.carrotsearch.randomizedtesting : junit4-ant : 2.7.2 Open
CVE-2015-1832https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2015-1832&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125528005&sdata=4gsGjYQL5%2Bf2zIXrdInQBMaOckjdYvvXBPSTr3MXw0c%3D&reserved=0 org.apache.derby : derby : 10.9.1.0 Open
CVE-2015-1832https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2015-1832&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125533000&sdata=YU6491OMPqfmMf0ZAbDEq8rhjC1Mw%2FCyyof%2FkcjBNe0%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2017-1000190https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2017-1000190&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125533000&sdata=i3nGuv36on8NbmOEBKJ%2Bnad%2Fko7PoAC6K%2BaoF0SkjBA%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2019-0115 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2019-0494 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
8 CVE-2019-10088https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-10088&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125537989&sdata=rKMrNAzgy3sLcY%2FSLcrxTpskQO02Z0BXG2o0yq5gfPY%3D&reserved=0 org.apache.tika : tika-core : 1.19.1 Open
CVE-2019-10088https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-10088&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125542979&sdata=K6E34epNshx54%2F0mpoHnrXgqdoXynZskQAOaPmaxeXE%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
7 CVE-2012-0881https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2012-0881&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125547970&sdata=uTrUqgQTgole3uF9bSx1TfRbzbCAdLPNLPIiAi0B928%3D&reserved=0 apache-xerces : xercesImpl : 2.9.1 Open
CVE-2013-4002 https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2013-4002&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125552960&sdata=FVOOrKlN4Z8h%2FISN5e6tr31iOT3nkXHWHlng2iolxXY%3D&reserved=0 apache-xerces : xercesImpl : 2.9.1 Open
CVE-2019-14262https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-14262&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125557952&sdata=FlHdk9W6N7v9dncGwDjjFRi6xnDqLECfdVXZFCH7HN8%3D&reserved=0 com.drewnoakes : metadata-extractor : 2.11.0 Open
CVE-2019-12402https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-12402&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125562942&sdata=TS7hYSYWz4bXtymZ%2BBhktHmUTCzLVdgMC2am48SAY6g%3D&reserved=0 org.apache.commons : commons-compress : 1.18 Open
CVE-2019-10094https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-10094&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125562942&sdata=E8MA6l8%2Fo%2BcLV%2BcvaKg%2BK23YDvCqBnuxkgAle9JgVdE%3D&reserved=0 org.apache.tika : tika-core : 1.19.1 Open
CVE-2012-0881 https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2012-0881&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125567935&sdata=rOstnFGSS%2FKMSzxTD8TLF7CFKc9GZ9Of%2F3k1HSbjFVk%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2013-4002 https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2013-4002&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125572922&sdata=KxItVC%2FLu8wOy4lqG3XF%2F4w2vR%2F8zfI%2FZIuPN4dYQAs%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2014-0114 https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2014-0114&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125577918&sdata=frbSXFS2FM6%2BM49io9ZytA3BaBAIdeU6tEf9ZrFe0Fc%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-10094https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-10094&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125582912&sdata=uzrVIdRRK4vkp2lNXLbxMRtgi4XmmM4Hz%2BFtlYY3stc%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-12086https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-12086&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125587899&sdata=yHb4X8vRbQ5MIXcg%2B9gQarLIAix2VhUTNKBQo%2Fq1EqU%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-12402https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-12402&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125592886&sdata=ysN%2BWmvQBnit%2BmFJjo8ag%2FlTNlmTcT8RI9Zt4co%2BFnM%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-14262https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-14262&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125597878&sdata=s5LpEQR95mPBIW%2BN5jJlBAFdeff4v5gf6NQ2QMdq62g%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-17558https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-17558&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125597878&sdata=UwQBmBKwGGi5ZvNZGJMGQNSgGIgbU6ZSb7ovUA0W%2BHw%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
6 sonatype-2014-0026 jQuery 1.7.1 Open
sonatype-2014-0026 com.carrotsearch.randomizedtesting : junit4-ant : 2.7.2 Open
sonatype-2018-0330 org.apache.ant : ant : 1.8.2 Open
CVE-2018-17197https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-17197&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125602867&sdata=edPYkYi4Vw9dKtpSpvVGGMbQSa961kN2dsDViiZtVtg%3D&reserved=0 org.apache.tika : tika-core : 1.19.1 Open
CVE-2018-17197https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-17197&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125607867&sdata=wbFTbRi2SbKOfOEOsj30EI2CIkeFzcCcf7wpFHfrrtE%3D&reserved=0 org.apache.tika : tika-parsers : 1.19.1 Open
CVE-2019-10093 org.apache.tika : tika-parsers : 1.19.1 Open
sonatype-2018-0469 org.apache.zookeeper : zookeeper : 3.5.5 Open
CVE-2018-17197https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-17197&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125612848&sdata=i%2BfPUtFIohI0hzxooeMqWjkJly9RNIlBwx10Lku%2FiWM%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-10093https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-10093&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125617838&sdata=dU5DJ%2FbBbA%2FBD2mkgCJGgjBrULxmfz6ydEcq0GG%2FHc0%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2014-0026 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2018-0330 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
5 CVE-2009-2625 https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2009-2625&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125622829&sdata=HUosJHgqV62bHiBU5or%2FA4c8%2FyqeQ7aiioS8ndGQ9G0%3D&reserved=0 apache-xerces : xercesImpl : 2.9.1 Open
sonatype-2017-0348 apache-xerces : xercesImpl : 2.9.1 Open
sonatype-2012-0050 commons-codec : commons-codec : 1.11 Open
sonatype-2014-0173 commons-fileupload : commons-fileupload : 1.3.3 Open
sonatype-2020-0026 io.netty : netty-handler : 4.1.29.Final Open
CVE-2012-2098 https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2012-2098&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125622829&sdata=m6K5AKWvd0pV7JNwkOoOeiR6LSXmR7Kuf24OEc%2FKc3M%3D&reserved=0 org.apache.ant : ant : 1.8.2 Open
CVE-2019-12415https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-12415&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125627820&sdata=38kz1ASMA4sex2gcsTwsUAhBDjiahknFNz8aKTr7eqE%3D&reserved=0 org.apache.poi : poi-ooxml : 4.0.0 Open
CVE-2018-8010 https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-8010&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125632809&sdata=ly1OxhFzgbpifmREPzifgdkEAphZaPGQH2NWMxjNCNQ%3D&reserved=0 org.apache.solr : solr-core : 8.4.1 Open
CVE-2009-2625 https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2009-2625&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125637801&sdata=v0XoyRxGsIKXEvCl9fEwjvUzUiSK%2FhgmZyIAdURKViU%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2012-2098 https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2012-2098&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125642791&sdata=M1Fo8bwZ7fNTpu%2Fk%2BYo2BLmJkNcY8s4WDenZjSrDoGI%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2018-8010 https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-8010&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125647787&sdata=0j7Dk3gUHwt7iAWaBbhRr7wuZIJxs22NgA1pjH7MuLU%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
CVE-2019-12415https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-12415&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125647787&sdata=h8AHo%2BnP0vRNQJ2SqDVYiycRGr92ke1c2%2FOCHhvqK8c%3D&reserved=0 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2012-0050 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2014-0173 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
sonatype-2017-0348 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
4 sonatype-2017-0492 com.sun.mail : javax.mail : 1.5.1 Open
sonatype-2017-0492 org.ikasan : ikasan-solr-distribution : zip : 3.0.0 Open
Christopher Ahlberg
Director
Middleware Plat & Foundation
DTCC New York
+1 212 855-3995 | cahlberg@dtcc.comname@dtcc.com
[cid:170f896f3365b16b21]
Visit us at www.dtcc.comhttp://www.dtcc.com/ or connect with us on LinkedInhttps://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F6915%3Ftrk%3Dtyah%26trkInfo%3DclickedVertical%253Acompany%252CclickedEntityId%253A6915%252Cidx%253A4-2-11%252CtarId%253A1469742786610%252Ctas%253Adtcc&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125657768&sdata=g9xpAi5H4fTgpVkDiKbJ6ggQFH7Kf%2FLDlEVTzb%2FaZHk%3D&reserved=0, Twitterhttps://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FThe_DTCC&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125657768&sdata=pK5utUdFjq0Ig%2FcWBf1mWVORQwyAPrJ%2BbM3%2FBVhA6vI%3D&reserved=0, Facebookhttps://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Fthedtcc&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125662763&sdata=L%2FNP%2BVwr6Q0mU0mebBJqqCGkR4neUoywy%2BRgiPOMX4g%3D&reserved=0 and YouTubehttps://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCi4dnJzd498IvBqP3wnUqpA&data=02%7C01%7Ccahlberg%40dtcc.com%7C08df86c693444968c4a908d7cce4f88a%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637203156125667745&sdata=i1golbJSTf%2FbDJW%2FsrpqoO04I69JI%2F7SIJUqIAHrDoI%3D&reserved=0.
To learn about career opportunities at DTCC, please visit careers.dtcc.comhttp://careers.dtcc.com/.
DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
トピックへ返信するには、ログインが必要です。