Open mend-bolt-for-github[bot] opened 10 months ago
lucene-analyzers-common-7.0.0.jar
Additional Analyzers
Path to dependency file: /pom.xml
Path to vulnerable library: /20201127105057_JYADOJ/downloadResource_XKWWQX/20201127105917/lucene-analyzers-common-7.0.0.jar
Dependency Hierarchy: - :x: **lucene-analyzers-common-7.0.0.jar** (Vulnerable Library)
Apache Lucene Java Core
Library home page: http://lucene.apache.org
Path to vulnerable library: /20201127105057_JYADOJ/downloadResource_XKWWQX/20201127105916/lucene-core-7.0.0.jar
Dependency Hierarchy: - :x: **lucene-core-7.0.0.jar** (Vulnerable Library)
Lucene QueryParsers module
Path to vulnerable library: /20201127105057_JYADOJ/downloadResource_XKWWQX/20201127105917/lucene-queryparser-7.0.0.jar
Dependency Hierarchy: - :x: **lucene-queryparser-7.0.0.jar** (Vulnerable Library)
Found in HEAD commit: 26994796809a3a8687a975e3361495d457afe47c
Found in base branch: master
Apache Lucene through 7.x and 8.x before 8.10 is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker could exploit this vulnerability to consume all available CPU resources.
Publish Date: 2021-05-11
URL: WS-2021-0646
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low
Type: Upgrade version
Origin: https://exchange.xforce.ibmcloud.com/vulnerabilities/216835
Release Date: 2021-05-11
Fix Resolution: 8.10.0
Step up your Open Source Security Game with Mend here
WS-2021-0646 - Medium Severity Vulnerability
Vulnerable Libraries - lucene-analyzers-common-7.0.0.jar, lucene-core-7.0.0.jar, lucene-queryparser-7.0.0.jar
lucene-analyzers-common-7.0.0.jar
Additional Analyzers
Path to dependency file: /pom.xml
Path to vulnerable library: /20201127105057_JYADOJ/downloadResource_XKWWQX/20201127105917/lucene-analyzers-common-7.0.0.jar
Dependency Hierarchy: - :x: **lucene-analyzers-common-7.0.0.jar** (Vulnerable Library)
lucene-core-7.0.0.jar
Apache Lucene Java Core
Library home page: http://lucene.apache.org
Path to dependency file: /pom.xml
Path to vulnerable library: /20201127105057_JYADOJ/downloadResource_XKWWQX/20201127105916/lucene-core-7.0.0.jar
Dependency Hierarchy: - :x: **lucene-core-7.0.0.jar** (Vulnerable Library)
lucene-queryparser-7.0.0.jar
Lucene QueryParsers module
Path to dependency file: /pom.xml
Path to vulnerable library: /20201127105057_JYADOJ/downloadResource_XKWWQX/20201127105917/lucene-queryparser-7.0.0.jar
Dependency Hierarchy: - :x: **lucene-queryparser-7.0.0.jar** (Vulnerable Library)
Found in HEAD commit: 26994796809a3a8687a975e3361495d457afe47c
Found in base branch: master
Vulnerability Details
Apache Lucene through 7.x and 8.x before 8.10 is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker could exploit this vulnerability to consume all available CPU resources.
Publish Date: 2021-05-11
URL: WS-2021-0646
CVSS 3 Score Details (5.3)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://exchange.xforce.ibmcloud.com/vulnerabilities/216835
Release Date: 2021-05-11
Fix Resolution: 8.10.0
Step up your Open Source Security Game with Mend here