Security Advisories

CGA-72h2-xhgh-3qq2

Published

Last updated

https://images.chainguard.dev/security/CGA-72h2-xhgh-3qq2
Package

wso2is

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2024-51504
  • GHSA-g93m-8x6h-g5gv

Severity

Unknown

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-51504

Updates

Status

Pending upstream fix

Impact

This vulnerability affects zookeeper 3.9.2, which is bundled within the solr_9.5.0.wso2v7.jar file. The vulnerable zookeeper dependency cannot be updated through Maven dependency management because it is embedded within the Solr JAR. Apache Solr 9.8.1 (the latest version as of July 2025) still uses zookeeper 3.9.2, so upgrading WSO2's Solr dependency would not resolve this CVE. The fix requires Apache Solr to first upgrade their zookeeper dependency to 3.9.3+ (which fixes GHSA-g93m-8x6h-g5gv), followed by WSO2 updating their Solr dependency to a version containing the fixed zookeeper. This is a multi-level upstream coordination issue requiring fixes from both Apache Solr and WSO2.
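Because the embedded copy is invisible to Maven dependency resolution, one way to confirm which zookeeper version an artifact actually ships is to inspect the JAR itself. The following is an added example, not Chainguard, WSO2 or Solr code. It assumes the bundled copy keeps its `META-INF/maven/.../pom.properties` metadata, either directly or inside a nested JAR; the sample JAR and the function names are constructed for illustration.

```python
import io
import re
import zipfile

FIXED = (3, 9, 3)  # first zookeeper release the advisory names as fixed ("3.9.3+")
POM_PROPS = re.compile(r"META-INF/maven/org\.apache\.zookeeper/zookeeper/pom\.properties$")

def parse_version(text):
    """Return the numeric (major, minor, patch) from a pom.properties body."""
    m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)", text, re.MULTILINE)
    return tuple(int(p) for p in m.groups()) if m else None

def find_embedded_zookeeper(data, where="<jar>"):
    """Walk a JAR (bytes), recursing into nested JARs, and report every
    embedded zookeeper copy as (location, version, is_below_fixed)."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for name in jar.namelist():
            if POM_PROPS.search(name):
                version = parse_version(jar.read(name).decode("utf-8", "replace"))
                if version:
                    hits.append((f"{where}!/{name}", version, version < FIXED))
            elif name.endswith(".jar"):
                try:
                    hits += find_embedded_zookeeper(jar.read(name), f"{where}!/{name}")
                except zipfile.BadZipFile:
                    pass  # entry is not a readable archive; skip it
    return hits

def build_sample_jar(zk_version, nested=False):
    """Constructed test input: a minimal JAR carrying zookeeper's Maven metadata."""
    def make(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for entry_name, body in entries.items():
                z.writestr(entry_name, body)
        return buf.getvalue()
    inner = make({
        "META-INF/maven/org.apache.zookeeper/zookeeper/pom.properties":
            f"groupId=org.apache.zookeeper\nartifactId=zookeeper\nversion={zk_version}\n",
    })
    return make({"lib/zookeeper.jar": inner}) if nested else inner

if __name__ == "__main__":
    sample = build_sample_jar("3.9.2", nested=True)  # constructed, not the real WSO2 JAR
    for loc, ver, below in find_embedded_zookeeper(sample, "sample.jar"):
        print(loc, ".".join(map(str, ver)), "BELOW FIXED" if below else "ok")
```

A shaded JAR that strips its Maven metadata produces no hits here, so an empty result is not proof that zookeeper is absent.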

Status

Under investigation

