wso2is
Chainguard
Status
Impact
This vulnerability affects zookeeper 3.9.2, which is bundled within the solr_9.5.0.wso2v7.jar file. The vulnerable zookeeper dependency cannot be updated through Maven dependency management because it is embedded within the Solr JAR. Apache Solr 9.8.1 (the latest version as of July 2025) still uses zookeeper 3.9.2, so upgrading WSO2's Solr dependency would not resolve this CVE. The fix requires Apache Solr to first upgrade their zookeeper dependency to 3.9.3+ (which fixes GHSA-g93m-8x6h-g5gv), followed by WSO2 updating their Solr dependency to a version containing the fixed zookeeper. This is a multi-level upstream coordination issue requiring fixes from both Apache Solr and WSO2.
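A check for the situation described above, added here as an example (it is not code from Chainguard, WSO2 or Apache Solr): it opens a JAR, recurses into nested JARs, and reports any embedded zookeeper older than 3.9.3, which a Maven dependency tree would not show. It assumes the bundle keeps zookeeper's Maven metadata file (META-INF/maven/org.apache.zookeeper/zookeeper/pom.properties); the function names and the sample JAR are constructed for illustration.

```python
import io
import re
import zipfile

FIXED = (3, 9, 3)  # first fixed zookeeper release named in the advisory text
ZK_META = "META-INF/maven/org.apache.zookeeper/zookeeper/pom.properties"

def _ver(s):
    # Leading numeric components only: "3.9.2" -> (3, 9, 2)
    return tuple(int(p) for p in re.findall(r"\d+", s)[:3])

def find_embedded_zookeeper(jar_bytes, path="<jar>"):
    """Return [(location, version, is_vulnerable)] for each embedded zookeeper."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(".jar"):  # nested JAR: scan it too
                hits += find_embedded_zookeeper(zf.read(name), f"{path}!/{name}")
            elif name.endswith(ZK_META):
                props = dict(
                    line.split("=", 1)
                    for line in zf.read(name).decode().splitlines()
                    if "=" in line and not line.startswith("#")
                )
                v = props.get("version", "").strip()
                # A missing version compares as older than FIXED, so it is flagged.
                hits.append((f"{path}!/{name}", v, _ver(v) < FIXED))
    return hits

def build_sample_jar(zk_version, nested=False):
    """Constructed sample input: a JAR carrying zookeeper's Maven metadata."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(ZK_META, f"#Generated\nartifactId=zookeeper\nversion={zk_version}\n")
    if not nested:
        return inner.getvalue()
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("lib/zookeeper.jar", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for loc, v, vuln in find_embedded_zookeeper(build_sample_jar("3.9.2", True), "sample.jar"):
        print("VULNERABLE" if vuln else "ok", v, loc)
```

To scan a real bundle, pass the file's bytes, for example the contents of solr_9.5.0.wso2v7.jar read with open(path, "rb").read().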