snowdensb / spring-boot

Spring Boot
https://spring.io/projects/spring-boot
Apache License 2.0

solr-solrj-8.8.2.jar: 12 vulnerabilities (highest severity is: 9.1) - autoclosed #367

Closed mend-for-github-com[bot] closed 3 weeks ago

mend-for-github-com[bot] commented 6 months ago
Vulnerable Library - solr-solrj-8.8.2.jar

Apache Solr Solrj

Library home page: http://www.apache.org/

Path to dependency file: /spring-boot-project/spring-boot-docs/build.gradle

Path to vulnerable library: /le/caches/modules-2/files-2.1/org.apache.solr/solr-solrj/8.8.2/1c22d9d27f7317d9c2574304b5dc7ff99bcf639f/solr-solrj-8.8.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.solr/solr-solrj/8.8.2/1c22d9d27f7317d9c2574304b5dc7ff99bcf639f/solr-solrj-8.8.2.jar

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (solr-solrj version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2023-44981 | Critical | 9.1 | zookeeper-3.6.2.jar | Transitive | 8.11.3 | | |
| CVE-2023-50386 | High | 8.8 | solr-solrj-8.8.2.jar | Direct | 8.11.3 | | |
| CVE-2024-47554 | High | 7.5 | detected in multiple dependencies | Transitive | 9.0.0 | | |
| CVE-2024-23944 | High | 7.5 | zookeeper-3.6.2.jar | Transitive | 9.4.0 | | |
| CVE-2024-22201 | High | 7.5 | http2-common-9.4.43.v20210629.jar | Transitive | 8.11.3 | | |
| CVE-2023-50298 | High | 7.5 | solr-solrj-8.8.2.jar | Direct | 8.11.3 | | |
| CVE-2023-44487 | High | 7.5 | http2-common-9.4.43.v20210629.jar | Transitive | N/A* | | |
| CVE-2023-43642 | High | 7.5 | detected in multiple dependencies | Transitive | 9.0.0 | | |
| CVE-2023-36478 | High | 7.5 | http2-hpack-9.4.43.v20210629.jar | Transitive | 8.11.3 | | |
| CVE-2023-34455 | High | 7.5 | detected in multiple dependencies | Transitive | 9.0.0 | | |
| CVE-2023-34454 | Medium | 5.9 | detected in multiple dependencies | Transitive | 9.0.0 | | |
| CVE-2023-34453 | Medium | 5.9 | detected in multiple dependencies | Transitive | 9.0.0 | | |

*For some transitive vulnerabilities, there is no version of the direct dependency with a fix. Check the "Details" section below to see if there is a version of the transitive dependency where the vulnerability is fixed.

**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of a remediation.

Details

CVE-2023-44981

### Vulnerable Library - zookeeper-3.6.2.jar

ZooKeeper server

Library home page: https://www.apache.org/

Path to dependency file: /spring-boot-project/spring-boot-docs/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.zookeeper/zookeeper/3.6.2/bd0630f2de482ce8a14bc1de8dc12ef6197f4624/zookeeper-3.6.2.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **zookeeper-3.6.2.jar** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration.

Publish Date: 2023-10-11

URL: CVE-2023-44981

### CVSS 3 Score Details (9.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b

Release Date: 2023-10-11

Fix Resolution (org.apache.zookeeper:zookeeper): 3.7.2

Direct dependency fix Resolution (org.apache.solr:solr-solrj): 8.11.3

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2023-50386

### Vulnerable Library - solr-solrj-8.8.2.jar

Apache Solr Solrj

Library home page: http://www.apache.org/

Path to dependency file: /spring-boot-project/spring-boot-docs/build.gradle

Path to vulnerable library: /le/caches/modules-2/files-2.1/org.apache.solr/solr-solrj/8.8.2/1c22d9d27f7317d9c2574304b5dc7ff99bcf639f/solr-solrj-8.8.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.solr/solr-solrj/8.8.2/1c22d9d27f7317d9c2574304b5dc7ff99bcf639f/solr-solrj-8.8.2.jar

Dependency Hierarchy:
- :x: **solr-solrj-8.8.2.jar** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added:
* Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.
* The Backup API restricts saving backups to directories that are used in the ClassLoader.

Publish Date: 2024-02-09

URL: CVE-2023-50386

### CVSS 3 Score Details (8.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-50386

Release Date: 2024-02-09

Fix Resolution: 8.11.3

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2024-47554

### Vulnerable Libraries - commons-io-2.10.0.jar, commons-io-2.8.0.jar

### commons-io-2.10.0.jar

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Library home page: https://www.apache.org/

Path to dependency file: /spring-boot-project/spring-boot-test-autoconfigure/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/commons-io/commons-io/2.10.0/79384da84646660c57b89aa86a5a1eb98af50e00/commons-io-2.10.0.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **commons-io-2.10.0.jar** (Vulnerable Library)

### commons-io-2.8.0.jar

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Library home page: https://www.apache.org/

Path to dependency file: /spring-boot-project/spring-boot-actuator-autoconfigure/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/commons-io/commons-io/2.8.0/92999e26e6534606b5678014e66948286298a35c/commons-io-2.8.0.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **commons-io-2.8.0.jar** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

Publish Date: 2024-10-03

URL: CVE-2024-47554

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1

Release Date: 2024-10-03

Fix Resolution (commons-io:commons-io): 2.14.0

Direct dependency fix Resolution (org.apache.solr:solr-solrj): 9.0.0

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2024-23944

### Vulnerable Library - zookeeper-3.6.2.jar

ZooKeeper server

Library home page: https://www.apache.org/

Path to dependency file: /spring-boot-project/spring-boot-docs/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.zookeeper/zookeeper/3.6.2/bd0630f2de482ce8a14bc1de8dc12ef6197f4624/zookeeper-3.6.2.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **zookeeper-3.6.2.jar** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

Information disclosure in persistent watchers handling in Apache ZooKeeper due to a missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker already has access to. The ZooKeeper server doesn't do an ACL check when the persistent watcher is triggered and, as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of the znode, but since a znode path can contain sensitive information like a user name or login ID, this issue is potentially critical. Users are recommended to upgrade to version 3.9.2 or 3.8.4, which fixes the issue.

Publish Date: 2024-03-15

URL: CVE-2024-23944

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://seclists.org/oss-sec/2024/q1/229

Release Date: 2024-03-15

Fix Resolution (org.apache.zookeeper:zookeeper): 3.8.4

Direct dependency fix Resolution (org.apache.solr:solr-solrj): 9.4.0

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2024-22201

### Vulnerable Library - http2-common-9.4.43.v20210629.jar

Library home page: https://webtide.com

Path to dependency file: /spring-boot-project/spring-boot-docs/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty.http2/http2-common/9.4.43.v20210629/6fd8c588c2f660a35dd0a6050c79611ba0760555/http2-common-9.4.43.v20210629.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **http2-common-9.4.43.v20210629.jar** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

Jetty is a Java-based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP-congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

Publish Date: 2024-02-26

URL: CVE-2024-22201

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98

Release Date: 2024-02-26

Fix Resolution (org.eclipse.jetty.http2:http2-common): 9.4.53.v20231009

Direct dependency fix Resolution (org.apache.solr:solr-solrj): 8.11.3

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2023-50298

### Vulnerable Library - solr-solrj-8.8.2.jar

Apache Solr Solrj

Library home page: http://www.apache.org/

Path to dependency file: /spring-boot-project/spring-boot-docs/build.gradle

Path to vulnerable library: /le/caches/modules-2/files-2.1/org.apache.solr/solr-solrj/8.8.2/1c22d9d27f7317d9c2574304b5dc7ff99bcf639f/solr-solrj-8.8.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.solr/solr-solrj/8.8.2/1c22d9d27f7317d9c2574304b5dc7ff99bcf639f/solr-solrj-8.8.2.jar

Dependency Hierarchy:
- :x: **solr-solrj-8.8.2.jar** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When the original SolrCloud is set up to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. An attacker could set up a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost". Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. From these versions on, only zkHost values that have the same server address (regardless of chroot) will use the given ZooKeeper credentials and ACLs when connecting.

Publish Date: 2024-02-09

URL: CVE-2023-50298

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions

Release Date: 2024-02-09

Fix Resolution: 8.11.3

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2023-44487

### Vulnerable Library - http2-common-9.4.43.v20210629.jar

Library home page: https://webtide.com

Path to dependency file: /spring-boot-project/spring-boot-docs/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty.http2/http2-common/9.4.43.v20210629/6fd8c588c2f660a35dd0a6050c79611ba0760555/http2-common-9.4.43.v20210629.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **http2-common-9.4.43.v20210629.jar** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Publish Date: 2023-10-10

URL: CVE-2023-44487

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-44487

Release Date: 2023-10-10

Fix Resolution:
- org.eclipse.jetty.http2:http2-server: 9.4.53.v20231009, 10.0.17, 11.0.17
- org.eclipse.jetty.http2:jetty-http2-server: 12.0.2
- org.eclipse.jetty.http2:http2-common: 9.4.53.v20231009, 10.0.17, 11.0.17
- org.eclipse.jetty.http2:jetty-http2-common: 12.0.2
- nghttp: v1.57.0
- swift-nio-http2: 1.28.0
- io.netty:netty-codec-http2: 4.1.100.Final
- trafficserver: 9.2.3
- org.apache.tomcat:tomcat-coyote: 8.5.94, 9.0.81, 10.1.14
- org.apache.tomcat.embed:tomcat-embed-core: 8.5.94, 9.0.81, 10.1.14
- Microsoft.AspNetCore.App: 6.0.23, 7.0.12
- contour: v1.26.1
- proxygen: v2023.10.16.00
- grpc-go: v1.56.3, v1.57.1, v1.58.3
- kubernetes/kubernetes: v1.25.15, v1.26.10, v1.27.7, v1.28.3, v1.29.0
- kubernetes/apimachinery: v0.25.15, v0.26.10, v0.27.7, v0.28.3, v0.29.0
- kubernetes/apiserver: v0.25.15, v0.26.10, v0.27.7, v0.28.3, v0.29.0

CVE-2023-43642

### Vulnerable Libraries - snappy-java-1.1.8.4.jar, snappy-java-1.1.7.6.jar

### snappy-java-1.1.8.4.jar

snappy-java: A fast compression/decompression library

Library home page: https://github.com/xerial/snappy-java

Path to dependency file: /spring-boot-project/spring-boot-autoconfigure/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.xerial.snappy/snappy-java/1.1.8.4/66f0d56454509f6e36175f2331572e250e04a6cc/snappy-java-1.1.8.4.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **snappy-java-1.1.8.4.jar** (Vulnerable Library)

### snappy-java-1.1.7.6.jar

snappy-java: A fast compression/decompression library

Library home page: https://github.com/xerial/snappy-java

Path to dependency file: /spring-boot-project/spring-boot-actuator/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.xerial.snappy/snappy-java/1.1.7.6/2900879ed8049a19b0f0f30ecd00a84e5a2b80c0/snappy-java-1.1.7.6.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **snappy-java-1.1.7.6.jar** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

snappy-java is a Java port of snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to a missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.

Publish Date: 2023-09-25

URL: CVE-2023-43642

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv

Release Date: 2023-09-25

Fix Resolution (org.xerial.snappy:snappy-java): 1.1.10.4

Direct dependency fix Resolution (org.apache.solr:solr-solrj): 9.0.0

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2023-36478

### Vulnerable Library - http2-hpack-9.4.43.v20210629.jar

Library home page: https://webtide.com

Path to dependency file: /spring-boot-project/spring-boot-docs/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty.http2/http2-hpack/9.4.43.v20210629/ae3d44710ccbec84463c9cc718d0c8c51617bac2/http2-hpack-9.4.43.v20210629.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **http2-hpack-9.4.43.v20210629.jar** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.

Publish Date: 2023-10-10

URL: CVE-2023-36478

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r

Release Date: 2023-10-10

Fix Resolution (org.eclipse.jetty.http2:http2-hpack): 9.4.53.v20231009

Direct dependency fix Resolution (org.apache.solr:solr-solrj): 8.11.3

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2023-34455

### Vulnerable Libraries - snappy-java-1.1.8.4.jar, snappy-java-1.1.7.6.jar

### snappy-java-1.1.8.4.jar

snappy-java: A fast compression/decompression library

Library home page: https://github.com/xerial/snappy-java

Path to dependency file: /spring-boot-project/spring-boot-autoconfigure/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.xerial.snappy/snappy-java/1.1.8.4/66f0d56454509f6e36175f2331572e250e04a6cc/snappy-java-1.1.8.4.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **snappy-java-1.1.8.4.jar** (Vulnerable Library)

### snappy-java-1.1.7.6.jar

snappy-java: A fast compression/decompression library

Library home page: https://github.com/xerial/snappy-java

Path to dependency file: /spring-boot-project/spring-boot-actuator/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.xerial.snappy/snappy-java/1.1.7.6/2900879ed8049a19b0f0f30ecd00a84e5a2b80c0/snappy-java-1.1.7.6.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **snappy-java-1.1.7.6.jar** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

snappy-java is a fast compressor/decompressor for Java. Due to use of an unchecked chunk length, an unrecoverable fatal error can occur in versions prior to 1.1.10.1. The code in the function `hasNextChunk` in the file `SnappyInputStream.java` checks if a given stream has more chunks to read. It does that by attempting to read 4 bytes. If it wasn't possible to read the 4 bytes, the function returns false. Otherwise, if 4 bytes were available, the code treats them as the length of the next chunk. In the case that the `compressed` variable is null, a byte array is allocated with the size given by the input data. Since the code doesn't test the legality of the `chunkSize` variable, it is possible to pass a negative number (such as 0xFFFFFFFF, which is -1), which will cause the code to raise a `java.lang.NegativeArraySizeException` exception. A worse case would happen when passing a huge positive value (such as 0x7FFFFFFF), which would raise the fatal `java.lang.OutOfMemoryError` error. Version 1.1.10.1 contains a patch for this issue.

Publish Date: 2023-06-15

URL: CVE-2023-34455

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/xerial/snappy-java/security/advisories/GHSA-qcwq-55hx-v3vh

Release Date: 2023-06-15

Fix Resolution (org.xerial.snappy:snappy-java): 1.1.10.1

Direct dependency fix Resolution (org.apache.solr:solr-solrj): 9.0.0

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2023-34454

### Vulnerable Libraries - snappy-java-1.1.8.4.jar, snappy-java-1.1.7.6.jar

### snappy-java-1.1.8.4.jar

snappy-java: A fast compression/decompression library

Library home page: https://github.com/xerial/snappy-java

Path to dependency file: /spring-boot-project/spring-boot-autoconfigure/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.xerial.snappy/snappy-java/1.1.8.4/66f0d56454509f6e36175f2331572e250e04a6cc/snappy-java-1.1.8.4.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **snappy-java-1.1.8.4.jar** (Vulnerable Library)

### snappy-java-1.1.7.6.jar

snappy-java: A fast compression/decompression library

Library home page: https://github.com/xerial/snappy-java

Path to dependency file: /spring-boot-project/spring-boot-actuator/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.xerial.snappy/snappy-java/1.1.7.6/2900879ed8049a19b0f0f30ecd00a84e5a2b80c0/snappy-java-1.1.7.6.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **snappy-java-1.1.7.6.jar** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the `rawCompress` function. Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. The `rawCompress` function then uses the received length and passes it to the natively compiled `maxCompressedLength` function, using the returned value to allocate a byte array. Since the `maxCompressedLength` function treats the length as an unsigned integer, it doesn't care that it is negative, and it returns a valid value, which is cast to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error. The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won't occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place. Version 1.1.10.1 contains a patch for this issue.

Publish Date: 2023-06-15

URL: CVE-2023-34454

### CVSS 3 Score Details (5.9)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r

Release Date: 2023-06-15

Fix Resolution (org.xerial.snappy:snappy-java): 1.1.10.1

Direct dependency fix Resolution (org.apache.solr:solr-solrj): 9.0.0

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2023-34453

### Vulnerable Libraries - snappy-java-1.1.8.4.jar, snappy-java-1.1.7.6.jar

### snappy-java-1.1.8.4.jar

snappy-java: A fast compression/decompression library

Library home page: https://github.com/xerial/snappy-java

Path to dependency file: /spring-boot-project/spring-boot-autoconfigure/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.xerial.snappy/snappy-java/1.1.8.4/66f0d56454509f6e36175f2331572e250e04a6cc/snappy-java-1.1.8.4.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **snappy-java-1.1.8.4.jar** (Vulnerable Library)

### snappy-java-1.1.7.6.jar

snappy-java: A fast compression/decompression library

Library home page: https://github.com/xerial/snappy-java

Path to dependency file: /spring-boot-project/spring-boot-actuator/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.xerial.snappy/snappy-java/1.1.7.6/2900879ed8049a19b0f0f30ecd00a84e5a2b80c0/snappy-java-1.1.7.6.jar

Dependency Hierarchy:
- solr-solrj-8.8.2.jar (Root Library)
  - :x: **snappy-java-1.1.7.6.jar** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled `shuffle` function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will be raised, which can crash the program. In the case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`. The same issue exists also when using the `shuffle` functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue. Version 1.1.10.1 contains a patch for this vulnerability.

Publish Date: 2023-06-15

URL: CVE-2023-34453

### CVSS 3 Score Details (5.9)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf

Release Date: 2023-06-15

Fix Resolution (org.xerial.snappy:snappy-java): 1.1.10.1

Direct dependency fix Resolution (org.apache.solr:solr-solrj): 9.0.0

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.

mend-for-github-com[bot] commented 3 weeks ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.