Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] CVE-2024-45772 - Flagged in Lucene - 9.11.1 #16203

Closed
gupta-mayank opened this issue Oct 7, 2024 · 2 comments
Closed

[BUG] CVE-2024-45772 - Flagged in Lucene - 9.11.1 #16203

gupta-mayank opened this issue Oct 7, 2024 · 2 comments
Labels
bug Something isn't working Search Search query, autocomplete ...etc

Comments

@gupta-mayank
Copy link

Describe the bug

CVE-2024-45772 is being flagged in lucene 9.11.1 , is it exploitable in Opensearch ?

Related component

Search

To Reproduce

CVE-2024-45772 is being flagged

Expected behavior

CVE-2024-45772 is being flagged

Additional Details

Using Opensearch 2.16.0 ( even latest 2.17.1 is having same version of lucene )
@gupta-mayank gupta-mayank added bug Something isn't working untriaged labels Oct 7, 2024
@github-actions github-actions bot added the Search Search query, autocomplete ...etc label Oct 7, 2024
@mch2
Copy link
Member

mch2 commented Oct 9, 2024

Thanks for raising @gupta-mayank, OpenSearch currently does not depend on the org.apache.lucene.replicator module that is flagged in the CVE.

@gupta-mayank
Copy link
Author

Thanks a lot @mch2

@github-project-automation github-project-automation bot moved this from 🆕 New to ✅ Done in Search Project Board Oct 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working Search Search query, autocomplete ...etc
Projects
Search Project Board
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mch2 @gupta-mayank @sandeshkr419