high severity
- Vulnerable module: net.jpountz.lz4:lz4
- Introduced through: org.mapdb:mapdb@3.1.0
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.mapdb:mapdb@3.1.0 › net.jpountz.lz4:lz4@1.3.0
Overview
net.jpountz.lz4:lz4 is a package for LZ4 compression for Java.
Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4_decompress_fast in the underlying lz4 library, which lacks bounds checks. An attacker can cause denial of service or access sensitive memory contents by providing specially crafted compressed input.
Workaround
- Applications using LZ4Factory.nativeInstance() in conjunction with .fastDecompressor() can switch to .safeInstance() or .safeDecompressor().
- Applications using LZ4Factory.unsafeInstance(), .fastestInstance() or .fastestJavaInstance() can switch to .safeInstance().
Notes
The official org.lz4:lz4-java library has not been patched and the project is discontinued. org.lz4:lz4-java:1.8.1 relocates the package to at.yawk.lz4:lz4-java, which is a community-maintained fork of the library that fixes this vulnerability.
Remediation
There is no fixed version for net.jpountz.lz4:lz4.
References
high severity
- Vulnerable module: org.apache.commons:commons-lang3
- Introduced through: org.apache.commons:commons-lang3@3.17.0, com.quasiris.qsf:qsf-commons@7.7 and others
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.commons:commons-lang3@3.17.0
  Remediation: Upgrade to org.apache.commons:commons-lang3@3.18.0.
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › com.quasiris.qsf:qsf-commons@7.7 › org.apache.commons:commons-lang3@3.17.0
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › io.thekraken:grok@0.1.5 › org.apache.commons:commons-lang3@3.17.0
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.commons:commons-compress@1.27.1 › org.apache.commons:commons-lang3@3.17.0
  Remediation: Upgrade to org.apache.commons:commons-compress@1.28.0.
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › com.quasiris.qsf:qsf-commons@7.7 › org.apache.commons:commons-text@1.13.0 › org.apache.commons:commons-lang3@3.17.0
Overview
Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.
Remediation
Upgrade org.apache.commons:commons-lang3 to version 3.18.0 or higher.
References
high severity
- Vulnerable module: org.apache.httpcomponents.client5:httpclient5
- Introduced through: org.apache.httpcomponents.client5:httpclient5@5.4.2 and com.quasiris.qsf:qsf-commons@7.7
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.httpcomponents.client5:httpclient5@5.4.2
  Remediation: Upgrade to org.apache.httpcomponents.client5:httpclient5@5.4.3.
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › com.quasiris.qsf:qsf-commons@7.7 › org.apache.httpcomponents.client5:httpclient5@5.4.2
Overview
org.apache.httpcomponents.client5:httpclient5 is the HttpClient component of the Apache HttpComponents project.
Affected versions of this package are vulnerable to Improper Certificate Validation due to a bug in the validation logic of the Public Suffix List, which allows attackers to manipulate cookie management and host name verification, leading to unauthorized access or information disclosure.
Remediation
Upgrade org.apache.httpcomponents.client5:httpclient5 to version 5.4.3 or higher.
References
high severity
- Vulnerable module: org.lz4:lz4-java
- Introduced through: org.apache.kafka:kafka-clients@4.0.0
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.kafka:kafka-clients@4.0.0 › org.lz4:lz4-java@1.8.0
Overview
org.lz4:lz4-java is a Java port of the LZ4 compression algorithm and the xxHash hashing algorithm.
Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4_decompress_fast in the underlying lz4 library, which lacks bounds checks. An attacker can cause denial of service or access sensitive memory contents by providing specially crafted compressed input.
Workaround
- Applications using LZ4Factory.nativeInstance() in conjunction with .fastDecompressor() can switch to .safeInstance() or .safeDecompressor().
- Applications using LZ4Factory.unsafeInstance(), .fastestInstance() or .fastestJavaInstance() can switch to .safeInstance().
Notes
The official org.lz4:lz4-java library has not been patched and the project is discontinued. org.lz4:lz4-java:1.8.1 relocates the package to at.yawk.lz4:lz4-java, which is a community-maintained fork of the library that fixes this vulnerability.
Remediation
Upgrade org.lz4:lz4-java to version 1.8.1 or higher.
References
high severity
- Vulnerable module: org.eclipse.jetty.http2:http2-common
- Introduced through: org.apache.solr:solr-solrj@9.8.1
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.eclipse.jetty.http2:http2-client@10.0.22 › org.eclipse.jetty.http2:http2-common@10.0.22
  Remediation: Upgrade to org.apache.solr:solr-solrj@9.10.0.
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.eclipse.jetty.http2:http2-http-client-transport@10.0.22 › org.eclipse.jetty.http2:http2-client@10.0.22 › org.eclipse.jetty.http2:http2-common@10.0.22
  Remediation: Upgrade to org.apache.solr:solr-solrj@9.10.0.
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via malformed HTTP/2 control frames that manipulate the RST_STREAM process. An attacker can exhaust server resources and disrupt service availability by rapidly sending specially crafted frames that cause the server to reset streams and miscount active connections.
Remediation
Upgrade org.eclipse.jetty.http2:http2-common to version 9.4.58.v20250814, 10.0.26, 11.0.26 or higher.
References
high severity
- Vulnerable module: net.jpountz.lz4:lz4
- Introduced through: org.mapdb:mapdb@3.1.0
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.mapdb:mapdb@3.1.0 › net.jpountz.lz4:lz4@1.3.0
Overview
net.jpountz.lz4:lz4 is a package for LZ4 compression for Java.
Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted compressed input.
Note:
- JNI implementations are not vulnerable. LZ4Factory.safeInstance(), LZ4Factory.unsafeInstance(), and LZ4Factory.fastestJavaInstance() are all vulnerable. nativeInstance().fastDecompressor() is vulnerable but nativeInstance().safeDecompressor() is not.
- This vulnerability is distinct from the one described in CVE-2025-12183, and was discovered during follow-up research.
Workaround
This vulnerability can be mitigated by zeroing the output buffer before passing it to the decompression function.
Remediation
There is no fixed version for net.jpountz.lz4:lz4.
References
high severity
- Vulnerable module: org.lz4:lz4-java
- Introduced through: org.apache.kafka:kafka-clients@4.0.0
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.kafka:kafka-clients@4.0.0 › org.lz4:lz4-java@1.8.0
Overview
org.lz4:lz4-java is a Java port of the LZ4 compression algorithm and the xxHash hashing algorithm.
Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted compressed input.
Note:
- JNI implementations are not vulnerable. LZ4Factory.safeInstance(), LZ4Factory.unsafeInstance(), and LZ4Factory.fastestJavaInstance() are all vulnerable. nativeInstance().fastDecompressor() is vulnerable but nativeInstance().safeDecompressor() is not.
- This vulnerability is distinct from the one described in CVE-2025-12183, and was discovered during follow-up research.
Workaround
This vulnerability can be mitigated by zeroing the output buffer before passing it to the decompression function.
Remediation
There is no fixed version for org.lz4:lz4-java.
References
medium severity
- Vulnerable module: org.mozilla:rhino
- Introduced through: org.mozilla:rhino@1.8.0
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.mozilla:rhino@1.8.0
  Remediation: Upgrade to org.mozilla:rhino@1.8.1.
Overview
org.mozilla:rhino (Rhino) is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the toFixed function. An attacker can cause excessive CPU consumption and disrupt service availability by passing specially crafted floating-point numbers.
Remediation
Upgrade org.mozilla:rhino to version 1.7.14.1, 1.7.15.1, 1.8.1 or higher.
References
medium severity
- Vulnerable module: org.apache.zookeeper:zookeeper
- Introduced through: org.apache.solr:solr-solrj@9.8.1
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.apache.solr:solr-solrj-zookeeper@9.8.1 › org.apache.zookeeper:zookeeper@3.9.2
  Remediation: Upgrade to org.apache.solr:solr-solrj@9.9.0.
Overview
org.apache.zookeeper:zookeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.
Affected versions of this package are vulnerable to Authentication Bypass by Spoofing due to the default configuration of the IPAuthenticationProvider, which relies on HTTP request headers for IP address detection. An attacker can bypass authentication by spoofing the client's IP address in the X-Forwarded-For header. This vulnerability allows unauthorized execution of admin server commands such as snapshot and restore, potentially leading to information leakage or service availability issues.
Note:
This vulnerability only impacts IP-based authentication implemented in ZooKeeper Admin Server.
Remediation
Upgrade org.apache.zookeeper:zookeeper to version 3.9.3 or higher.
References
medium severity
- Vulnerable module: org.eclipse.jetty:jetty-http
- Introduced through: org.apache.solr:solr-solrj@9.8.1
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.eclipse.jetty:jetty-http@10.0.22
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.eclipse.jetty:jetty-client@10.0.22 › org.eclipse.jetty:jetty-http@10.0.22
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.eclipse.jetty.http2:http2-http-client-transport@10.0.22 › org.eclipse.jetty:jetty-client@10.0.22 › org.eclipse.jetty:jetty-http@10.0.22
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.eclipse.jetty.http2:http2-client@10.0.22 › org.eclipse.jetty.http2:http2-common@10.0.22 › org.eclipse.jetty.http2:http2-hpack@10.0.22 › org.eclipse.jetty:jetty-http@10.0.22
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.eclipse.jetty.http2:http2-http-client-transport@10.0.22 › org.eclipse.jetty.http2:http2-client@10.0.22 › org.eclipse.jetty.http2:http2-common@10.0.22 › org.eclipse.jetty.http2:http2-hpack@10.0.22 › org.eclipse.jetty:jetty-http@10.0.22
Overview
org.eclipse.jetty:jetty-http is the HTTP module of the Jetty server.
Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via the HttpURI class due to insufficient validation on the authority segment of a URI. An attacker can manipulate the URI parsing to redirect requests or initiate server-side requests to unintended destinations by supplying malformed URIs that bypass validation checks.
Notes:
This is only exploitable if the application uses decoded user data as encoded URIs in conjunction with the HttpURI class used directly; the Jetty usage of the HttpURI class is not vulnerable.
Workaround
This vulnerability can be mitigated by not passing decoded user data as encoded URIs to any URI class/method, including HttpURI.
PoC
http://browser.check &@vulndetector.com/
http://browser.check #@vulndetector.com/
http://browser.check?@vulndetector.com/
http://browser.check#@vulndetector.com/
http://vulndetector.com\\/
Remediation
Upgrade org.eclipse.jetty:jetty-http to version 9.4.57.v20241219, 12.0.12 or higher.
References
medium severity
- Vulnerable module: ch.qos.logback:logback-classic
- Introduced through: org.apache.solr:solr-solrj@9.8.1
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.apache.solr:solr-solrj-zookeeper@9.8.1 › org.apache.zookeeper:zookeeper@3.9.2 › ch.qos.logback:logback-classic@1.2.13
  Remediation: Upgrade to org.apache.solr:solr-solrj@9.9.0.
Overview
ch.qos.logback:logback-classic is a reliable, generic, fast and flexible logging library for Java.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the JaninoEventEvaluator extension. An attacker can execute arbitrary code by compromising an existing logback configuration file or injecting an environment variable before program execution.
Remediation
Upgrade ch.qos.logback:logback-classic to version 1.3.15, 1.5.13 or higher.
References
medium severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.apache.solr:solr-solrj@9.8.1
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.apache.solr:solr-solrj-zookeeper@9.8.1 › org.apache.zookeeper:zookeeper@3.9.2 › ch.qos.logback:logback-core@1.2.13
  Remediation: Upgrade to org.apache.solr:solr-solrj@9.9.0.
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.apache.solr:solr-solrj-zookeeper@9.8.1 › org.apache.zookeeper:zookeeper@3.9.2 › ch.qos.logback:logback-classic@1.2.13 › ch.qos.logback:logback-core@1.2.13
  Remediation: Upgrade to org.apache.solr:solr-solrj@9.9.0.
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores via the conditional processing of the logback.xml configuration file when both the Janino library and Spring Framework are present on the class path. An attacker can execute arbitrary code by compromising an existing configuration file or injecting a malicious environment variable before program execution. This is only exploitable if the attacker has write access to a configuration file or can set a malicious environment variable.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.5.19 or higher.
References
medium severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.apache.solr:solr-solrj@9.8.1
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.apache.solr:solr-solrj-zookeeper@9.8.1 › org.apache.zookeeper:zookeeper@3.9.2 › ch.qos.logback:logback-core@1.2.13
  Remediation: Upgrade to org.apache.solr:solr-solrj@9.9.0.
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.apache.solr:solr-solrj-zookeeper@9.8.1 › org.apache.zookeeper:zookeeper@3.9.2 › ch.qos.logback:logback-classic@1.2.13 › ch.qos.logback:logback-core@1.2.13
  Remediation: Upgrade to org.apache.solr:solr-solrj@9.9.0.
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the JaninoEventEvaluator extension. An attacker can execute arbitrary code by compromising an existing logback configuration file or injecting an environment variable before program execution.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.3.15, 1.5.13 or higher.
References
medium severity
- Vulnerable module: org.apache.zookeeper:zookeeper
- Introduced through: org.apache.solr:solr-solrj@9.8.1
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.apache.solr:solr-solrj-zookeeper@9.8.1 › org.apache.zookeeper:zookeeper@3.9.2
  Remediation: Upgrade to org.apache.solr:solr-solrj@9.10.0.
Overview
org.apache.zookeeper:zookeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.
Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges due to insufficient permission checks in the handleAuthorization function. A user can gain unauthorized access to sensitive operations by executing snapshot and restore commands without adequate permissions.
Workaround
This vulnerability can be mitigated by disabling the snapshot and restore commands via admin.snapshot.enabled and admin.restore.enabled, disabling the AdminServer interface entirely via admin.enableServer, or ensuring the root ACL does not provide open permissions.
Note: ZooKeeper ACLs are not recursive, so the workaround does not impact operations on child nodes besides notifications from recursive watches.
Remediation
Upgrade org.apache.zookeeper:zookeeper to version 3.9.4 or higher.
References
medium severity
- Module: ch.qos.logback:logback-classic
- Introduced through: org.apache.solr:solr-solrj@9.8.1
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.apache.solr:solr-solrj-zookeeper@9.8.1 › org.apache.zookeeper:zookeeper@3.9.2 › ch.qos.logback:logback-classic@1.2.13
Dual license: EPL-1.0, LGPL-2.1
medium severity
- Module: ch.qos.logback:logback-core
- Introduced through: org.apache.solr:solr-solrj@9.8.1
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.apache.solr:solr-solrj-zookeeper@9.8.1 › org.apache.zookeeper:zookeeper@3.9.2 › ch.qos.logback:logback-core@1.2.13
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.apache.solr:solr-solrj-zookeeper@9.8.1 › org.apache.zookeeper:zookeeper@3.9.2 › ch.qos.logback:logback-classic@1.2.13 › ch.qos.logback:logback-core@1.2.13
Dual license: EPL-1.0, LGPL-2.1
medium severity
- Module: com.github.spotbugs:spotbugs-annotations
- Introduced through: com.quasiris.qsf:qsf-commons@7.7
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › com.quasiris.qsf:qsf-commons@7.7 › com.github.spotbugs:spotbugs-annotations@4.9.3
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › com.quasiris.qsf:qsf-commons@7.7 › com.quasiris.qsf:qsf-dto@7.7 › com.github.spotbugs:spotbugs-annotations@4.9.3
LGPL-2.1 license
medium severity
- Module: junit:junit
- Introduced through: junit:junit@4.13.2 and org.mapdb:mapdb@3.1.0
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › junit:junit@4.13.2
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.mapdb:mapdb@3.1.0 › org.eclipse.collections:eclipse-collections-forkjoin@10.4.0 › junit:junit@4.13.2
EPL-1.0 license
medium severity
- Module: net.sf.joost:joost
- Introduced through: net.sf.joost:joost@0.9.1
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › net.sf.joost:joost@0.9.1
MPL-1.1 license
medium severity
- Module: org.mozilla:rhino
- Introduced through: org.mozilla:rhino@1.8.0
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.mozilla:rhino@1.8.0
MPL-2.0 license
low severity
- Vulnerable module: org.jetbrains.kotlin:kotlin-stdlib
- Introduced through: org.mapdb:mapdb@3.1.0
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.mapdb:mapdb@3.1.0 › org.jetbrains.kotlin:kotlin-stdlib@1.9.25
Overview
org.jetbrains.kotlin:kotlin-stdlib is the Kotlin Standard Library for the JVM.
Affected versions of this package are vulnerable to Information Exposure. A Kotlin application using createTempDir or createTempFile and placing sensitive information within either of these locations would be leaking this information, in a read-only way, to other users on the same system.
Note: As of version 1.4.21, the vulnerable functions have been marked as deprecated. Due to still being usable, this advisory is kept as "unfixed".
PoC by JLLeitschuh
package org.jlleitschuh.sandbox

import org.junit.jupiter.api.Test
import java.io.BufferedReader
import java.io.File
import java.io.IOException
import java.io.InputStreamReader
import java.nio.file.Files

class KotlinTempDirectoryPermissionCheck {
    // kotlin.io.createTempDir() (deprecated since 1.4.21): world-readable directory
    @Test
    fun `kotlin check default directory permissions`() {
        val dir = createTempDir()
        runLS(dir.parentFile, dir) // Prints drwxr-xr-x
    }

    // java.nio.file.Files: owner-only directory
    @Test
    fun `Files check default directory permissions`() {
        val dir = Files.createTempDirectory("random-directory")
        runLS(dir.toFile().parentFile, dir.toFile()) // Prints drwx------
    }

    // kotlin.io.createTempFile() (deprecated since 1.4.21): world-readable file
    @Test
    fun `kotlin check default file permissions`() {
        val file = createTempFile()
        runLS(file.parentFile, file) // Prints -rw-r--r--
    }

    // java.nio.file.Files: owner-only file
    @Test
    fun `Files check default file permissions`() {
        val file = Files.createTempFile("random-file", ".txt")
        runLS(file.toFile().parentFile, file.toFile()) // Prints -rw-------
    }

    // Runs `ls -l` on the parent directory and prints the entry for lookingFor
    private fun runLS(file: File, lookingFor: File) {
        val processBuilder = ProcessBuilder()
        processBuilder.command("ls", "-l", file.absolutePath)
        try {
            val process = processBuilder.start()
            val output = StringBuilder()
            val reader = BufferedReader(
                InputStreamReader(process.inputStream)
            )
            reader.lines().forEach { line ->
                if (line.contains("total")) {
                    output.append(line).append('\n')
                }
                if (line.contains(lookingFor.name)) {
                    output.append(line).append('\n')
                }
            }
            val exitVal = process.waitFor()
            if (exitVal == 0) {
                println("Success!")
                println(output)
            } else {
                // abnormal exit of ls; nothing to report
            }
        } catch (e: IOException) {
            e.printStackTrace()
        } catch (e: InterruptedException) {
            e.printStackTrace()
        }
    }
}
Remediation
Upgrade org.jetbrains.kotlin:kotlin-stdlib to version 2.1.0 or higher.
References
low severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.apache.solr:solr-solrj@9.8.1
Detailed paths
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.apache.solr:solr-solrj-zookeeper@9.8.1 › org.apache.zookeeper:zookeeper@3.9.2 › ch.qos.logback:logback-core@1.2.13
  Remediation: Upgrade to org.apache.solr:solr-solrj@9.9.0.
- Introduced through: tblsoft/solr-cmd-utils@tblsoft/solr-cmd-utils#ba4781c773894ca3e8054146bbed5f3d7bb52314 › org.apache.solr:solr-solrj@9.8.1 › org.apache.solr:solr-solrj-zookeeper@9.8.1 › org.apache.zookeeper:zookeeper@3.9.2 › ch.qos.logback:logback-classic@1.2.13 › ch.qos.logback:logback-core@1.2.13
  Remediation: Upgrade to org.apache.solr:solr-solrj@9.9.0.
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the SaxEventRecorder process. An attacker can forge requests by compromising logback configuration files in XML.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.3.15, 1.5.13 or higher.