@FritzAdalis @cR0w I'd fully expect it to be the same box, and just 'the new struts bug, which they will have failed to patch, AGAIN, because there are no consequences'.
@cR0w Glad they finally got rid of all those ../ exploits.
@cR0w @screaminggoat
Is that the right cve? It looks like a different product.
@cR0w I agree with @FritzAdalis, it looks like cvefeed.io dun goofed and wrote CVE-2024-21574 as Apache Solr when the vendor is ltdrdata and product ComfyUI-Manager.
I don't go off assumptions so I will rely on the public record of ComfyUI-Manager (which I've never heard of).
@screaminggoat @cR0w @FritzAdalis Apache Solr is mostly Java based; this product seems to be a web app client/server built in Python. Just the vendor is mistagged, imo.
@cR0w @ciaranmak @screaminggoat
It's all good. I just wanted to be sure before I emailed my boss and product teams. Besides, I rely on you, and I suspect you're just a side project by a single researcher.
@cR0w @ciaranmak @screaminggoat
$dayJob? So you're vendor-supported!
@cR0w @FritzAdalis @ciaranmak don't rely on me either, a screaming goat is not a credible source.
@cR0w @FritzAdalis @screaminggoat My personal side project of 5-6 years of RSS/CVE/Feed collection contributed to this startup product *plug*
@cR0w @screaminggoat Does anyone actually USE Apache Solr? I don't think CNET even uses it any more.
@cR0w @ciaranmak @screaminggoat
Yeah, needs an invite code.
@cR0w @screaminggoat Oh yeah I remember speccing a project for AEP, our power utility, and was like "you are using WHAT?"
@cR0w @screaminggoat That's not specific to utilities. Many companies have a crapload of open source stuff installed, and no one on staff who even has the slightest idea of how to run it. Open source software is not free like beer. It's free like puppies.