Uploaded image for project: 'MetaBrainz Sec Management'
  1. MetaBrainz Sec Management
  2. SEC-1211

[mb-solr] CVE-2023-50386: org.apache.solr:solr-core >= 6.0.0, < 8.11.3

    • Icon: Task Task
    • Resolution: Invalid
    • Icon: Normal Normal
    • SEARCH
    • None
    • 5,404,361,569

      CVE-2023-50386 affects package org.apache.solr:solr-core >= 6.0.0, < 8.11.3 which metabrainz/mb-solr depends on.

      Please self-assign this ticket and check metabrainz/mb-solr alerts, then:

      • Dismiss the corresponding alert in GitHub if there is a valid reason (patch in progress, no bandwidth, tolerable risk, inaccurate alert, or unused code) for.
      • Create a new ticket in the affected JIRA project, link it to this ticket (do not move this ticket to another project), and address that new ticket.

      In both case, GitHub Bot will close this ticket for you, except if you backport a patch on a vulnerable dependency.

      This ticket has been created by SEC automation.

          Loading...
          Uploaded image for project: 'MetaBrainz Sec Management'
          1. MetaBrainz Sec Management
          2. SEC-1211

          [mb-solr] CVE-2023-50386: org.apache.solr:solr-core >= 6.0.0, < 8.11.3

            • Icon: Task Task
            • Resolution: Invalid
            • Icon: Normal Normal
            • SEARCH
            • None
            • 5,404,361,569

              CVE-2023-50386 affects package org.apache.solr:solr-core >= 6.0.0, < 8.11.3 which metabrainz/mb-solr depends on.

              Please self-assign this ticket and check metabrainz/mb-solr alerts, then:

              • Dismiss the corresponding alert in GitHub if there is a valid reason (patch in progress, no bandwidth, tolerable risk, inaccurate alert, or unused code) for.
              • Create a new ticket in the affected JIRA project, link it to this ticket (do not move this ticket to another project), and address that new ticket.

              In both case, GitHub Bot will close this ticket for you, except if you backport a patch on a vulnerable dependency.

              This ticket has been created by SEC automation.

                    yvanzo yvanzo
                    github-bot GitHub Bot
                    Votes:
                    0 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                      Created:
                      Updated:
                      Resolved:

                        Version Package

                          yvanzo yvanzo
                          github-bot GitHub Bot
                          Votes:
                          0 Vote for this issue
                          Watchers:
                          1 Start watching this issue

                            Created:
                            Updated:
                            Resolved:

                              Version Package