Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/lucene-solr@0?distro=trixie
Typedeb
Namespacedebian
Namelucene-solr
Version0
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.6.2+dfsg-2
Latest_non_vulnerable_version3.6.2+dfsg-27
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2fyt-y5n1-zfbd
vulnerability_id VCID-2fyt-y5n1-zfbd
summary 
Unrestricted Upload of File with Dangerous Type
Apache Solr contain an insecure setting for the `ENABLE_REMOTE_JMX_OPTS` configuration option in the default `solr. then JMX monitoring will be enabled and exposed on `RMI_PORT` (`default=18983`), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12409.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12409.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12409
reference_id
reference_type
scores
0
value 0.8277
scoring_system epss
scoring_elements 0.99261
published_at 2026-06-05T12:55:00Z
1
value 0.8277
scoring_system epss
scoring_elements 0.9926
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12409
2
reference_url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr
3
reference_url https://github.com/github/advisory-review/pull/12462
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-review/pull/12462
4
reference_url https://issues.apache.org/jira/browse/SOLR-13647
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-13647
5
reference_url https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2@%3Cannounce.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@%3Csolr-user.lucene.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87@%3Cissues.lucene.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be@%3Cgeneral.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be@%3Cgeneral.lucene.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541@%3Cissues.lucene.apache.org%3E
10
reference_url https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1774734
reference_id 1774734
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1774734
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12409
reference_id CVE-2019-12409
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12409
13
reference_url https://github.com/advisories/GHSA-2289-pqfq-6wx7
reference_id GHSA-2289-pqfq-6wx7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2289-pqfq-6wx7
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2019-12409, GHSA-2289-pqfq-6wx7
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fyt-y5n1-zfbd
1
url VCID-3zcs-eg6f-fubn
vulnerability_id VCID-3zcs-eg6f-fubn
summary 
Incorrect Authorization
When using `ConfigurableInternodeAuthHadoopPlugin` for authentication, Apache Solr would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29943.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29943.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29943
reference_id
reference_type
scores
0
value 0.058
scoring_system epss
scoring_elements 0.90684
published_at 2026-06-05T12:55:00Z
1
value 0.058
scoring_system epss
scoring_elements 0.90671
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29943
2
reference_url https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E
3
reference_url https://security.netapp.com/advisory/ntap-20210604-0009
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210604-0009
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1949521
reference_id 1949521
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1949521
5
reference_url https://security.archlinux.org/AVG-1808
reference_id AVG-1808
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1808
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29943
reference_id CVE-2021-29943
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29943
7
reference_url https://github.com/advisories/GHSA-vf7p-j8x6-xvwp
reference_id GHSA-vf7p-j8x6-xvwp
reference_type
scores
url https://github.com/advisories/GHSA-vf7p-j8x6-xvwp
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2021-29943, GHSA-vf7p-j8x6-xvwp
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3zcs-eg6f-fubn
2
url VCID-45ku-xn2x-3fdg
vulnerability_id VCID-45ku-xn2x-3fdg
summary 
Improper Restriction of XML External Entity Reference
This vulnerability in Apache Solr relates to an XML external entity expansion (XXE) in Solr config files.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8026.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8026.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8026
reference_id
reference_type
scores
0
value 0.04341
scoring_system epss
scoring_elements 0.89128
published_at 2026-06-05T12:55:00Z
1
value 0.04341
scoring_system epss
scoring_elements 0.89111
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8026
2
reference_url https://github.com/advisories/GHSA-7px3-6f6g-hxcj
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7px3-6f6g-hxcj
3
reference_url https://github.com/apache/lucene-solr/commit/1880d4824e6c5f98170b9a00aad1d437ee2aa12
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/1880d4824e6c5f98170b9a00aad1d437ee2aa12
4
reference_url https://github.com/apache/lucene-solr/commit/3aa6086ed99fa7158d423dc7c33dae6da466b09
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/3aa6086ed99fa7158d423dc7c33dae6da466b09
5
reference_url https://github.com/apache/lucene-solr/commit/d1baf6ba593561f39e2da0a71a8440797005b55
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/d1baf6ba593561f39e2da0a71a8440797005b55
6
reference_url https://github.com/apache/lucene-solr/commit/e21d4937e0637c7b7949ac463f331da9a42c07f
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/e21d4937e0637c7b7949ac463f331da9a42c07f
7
reference_url https://github.com/apache/lucene-solr/commit/e5407c5a9710247e5f728aae36224a245a51f0b
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/e5407c5a9710247e5f728aae36224a245a51f0b
8
reference_url https://issues.apache.org/jira/browse/SOLR-12450
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-12450
9
reference_url https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E
10
reference_url https://security.netapp.com/advisory/ntap-20190307-0002
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190307-0002
11
reference_url http://www.securityfocus.com/bid/104690
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104690
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1598621
reference_id 1598621
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1598621
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8026
reference_id CVE-2018-8026
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8026
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2018-8026, GHSA-7px3-6f6g-hxcj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-45ku-xn2x-3fdg
3
url VCID-47b2-8kgs-yugd
vulnerability_id VCID-47b2-8kgs-yugd
summary Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8795
reference_id
reference_type
scores
0
value 0.02559
scoring_system epss
scoring_elements 0.85787
published_at 2026-06-04T12:55:00Z
1
value 0.02559
scoring_system epss
scoring_elements 0.85809
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8795
1
reference_url https://issues.apache.org/jira/browse/SOLR-7346
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-7346
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8795
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-8795
3
reference_url https://github.com/advisories/GHSA-mx2h-hf7j-2x3p
reference_id GHSA-mx2h-hf7j-2x3p
reference_type
scores
url https://github.com/advisories/GHSA-mx2h-hf7j-2x3p
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2015-8795, GHSA-mx2h-hf7j-2x3p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47b2-8kgs-yugd
4
url VCID-4n2d-437t-dufq
vulnerability_id VCID-4n2d-437t-dufq
summary 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.
The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-proccess.

The Solr Metrics API is protected by the "metrics-read" permission.
Therefore, Solr Clouds with Authorization setup will only be vulnerable via users with the "metrics-read" permission.
This issue affects Apache Solr: from 9.0.0 before 9.3.0.

Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50290.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50290.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50290
reference_id
reference_type
scores
0
value 0.92953
scoring_system epss
scoring_elements 0.99784
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50290
2
reference_url https://github.com/apache/lucene-solr
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr
3
reference_url https://github.com/apache/solr/commit/35fc4bdc48171d9a64251c54a1e76deb558cf9d8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/solr/commit/35fc4bdc48171d9a64251c54a1e76deb558cf9d8
4
reference_url https://issues.apache.org/jira/browse/SOLR-16808
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-16808
5
reference_url https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T20:17:07Z/
url https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2258132
reference_id 2258132
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2258132
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50290
reference_id CVE-2023-50290
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50290
8
reference_url https://github.com/advisories/GHSA-gg7w-pw2r-x2cq
reference_id GHSA-gg7w-pw2r-x2cq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gg7w-pw2r-x2cq
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2023-50290, GHSA-gg7w-pw2r-x2cq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4n2d-437t-dufq
5
url VCID-56rn-pmha-mucx
vulnerability_id VCID-56rn-pmha-mucx
summary 
Insecure Default Initialization of Resource vulnerability in Apache Solr
New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata.
ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request.
"trusted" ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized.

This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization.

Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45217
reference_id
reference_type
scores
0
value 0.00146
scoring_system epss
scoring_elements 0.34724
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45217
1
reference_url https://issues.apache.org/jira/browse/SOLR-17418
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-17418
2
reference_url https://solr.apache.org/security.html#cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-16T14:59:42Z/
url https://solr.apache.org/security.html#cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly
3
reference_url http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/webapp
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/webapp
4
reference_url http://www.openwall.com/lists/oss-security/2024/10/15/9
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/10/15/9
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45217
reference_id CVE-2024-45217
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45217
6
reference_url https://github.com/advisories/GHSA-h7w9-c5vx-x7j3
reference_id GHSA-h7w9-c5vx-x7j3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h7w9-c5vx-x7j3
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2024-45217, GHSA-h7w9-c5vx-x7j3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-56rn-pmha-mucx
6
url VCID-69cb-ed9r-guda
vulnerability_id VCID-69cb-ed9r-guda
summary 
Insufficiently Protected Credentials
When starting Apache Solr, configured with the `SaslZkACLProvider` or `VMParamsAllAndReadonlyDigestZkACLProvider` and no existing `security.json` `znode`, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any `ZkACLProvider`, if the `security.json` is already present, Solr will not automatically update the ACLs.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29262.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29262.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29262
reference_id
reference_type
scores
0
value 0.26231
scoring_system epss
scoring_elements 0.96403
published_at 2026-06-05T12:55:00Z
1
value 0.26231
scoring_system epss
scoring_elements 0.96398
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29262
2
reference_url https://issues.apache.org/jira/browse/SOLR-15249
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-15249
3
reference_url https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79@%3Coak-issues.jackrabbit.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r1e92a2eff6c47a65c4a6e95e809a9707181de76f8062403a0bea1012@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1e92a2eff6c47a65c4a6e95e809a9707181de76f8062403a0bea1012@%3Coak-issues.jackrabbit.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r51b29ff62060b67bc9999ded5e252b36b09311fe5a02d27f6de3e4d3@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51b29ff62060b67bc9999ded5e252b36b09311fe5a02d27f6de3e4d3@%3Coak-issues.jackrabbit.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r536da4c4e4e406f7843461cc754a3d0a3fe575aa576e2b71a9cd57d0%40%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r536da4c4e4e406f7843461cc754a3d0a3fe575aa576e2b71a9cd57d0%40%3Cannounce.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r7151081abab92a827a607205c4260b0a3d22280b52d15bc909177608@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7151081abab92a827a607205c4260b0a3d22280b52d15bc909177608@%3Coak-issues.jackrabbit.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r8d35eeb9a470d2682b5bcf3be0b8942faa7e28f9ca5861c058d17fff@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8d35eeb9a470d2682b5bcf3be0b8942faa7e28f9ca5861c058d17fff@%3Coak-issues.jackrabbit.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r9c4ce6903218c92ef2583070e64af5a69e483821c4b3016dc41e3c6f@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9c4ce6903218c92ef2583070e64af5a69e483821c4b3016dc41e3c6f@%3Coak-issues.jackrabbit.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rb6db683903174eaa44ec80cc118a38574319b0d4181f36b61ee6278f@%3Cdev.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb6db683903174eaa44ec80cc118a38574319b0d4181f36b61ee6278f@%3Cdev.jackrabbit.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rbc680cbfd745f22d182158217428a296e8e398cde16f3f428fe4bddc@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbc680cbfd745f22d182158217428a296e8e398cde16f3f428fe4bddc@%3Coak-issues.jackrabbit.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rd85f87e559ee27e9c69795e3ad93a77621895e0328ea3df41d711d72@%3Coak-commits.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd85f87e559ee27e9c69795e3ad93a77621895e0328ea3df41d711d72@%3Coak-commits.jackrabbit.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/ref84e60192f4bdc3206b247f260513e8d4e71f3e200792f75386d07a@%3Cdev.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ref84e60192f4bdc3206b247f260513e8d4e71f3e200792f75386d07a@%3Cdev.jackrabbit.apache.org%3E
14
reference_url https://security.netapp.com/advisory/ntap-20210604-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210604-0009
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1949520
reference_id 1949520
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1949520
16
reference_url https://security.archlinux.org/AVG-1808
reference_id AVG-1808
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1808
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29262
reference_id CVE-2021-29262
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29262
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2021-29262, GHSA-jgcr-fg3g-qvw8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69cb-ed9r-guda
7
url VCID-8t99-tkmu-t3e7
vulnerability_id VCID-8t99-tkmu-t3e7
summary 
Incorrect Authorization in Apache Solr
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. This issue is patched in 8.6.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13957.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13957.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13957
reference_id
reference_type
scores
0
value 0.84821
scoring_system epss
scoring_elements 0.99359
published_at 2026-06-05T12:55:00Z
1
value 0.84821
scoring_system epss
scoring_elements 0.99358
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13957
2
reference_url https://github.com/apache/lucene-solr
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr
3
reference_url https://github.com/apache/solr/commit/e001c2221812a0ba9e9378855040ce72f93eced4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/solr/commit/e001c2221812a0ba9e9378855040ce72f93eced4
4
reference_url https://lists.apache.org/thread.html/r13a728994c60be5b5a7049282b5c926dac1fc6a9a0b2362f6adfa573@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r13a728994c60be5b5a7049282b5c926dac1fc6a9a0b2362f6adfa573@%3Cissues.lucene.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r1c783d3d81ba62f3381a17a4d6c826f7dead3a132ba42349c90df075@%3Ccommits.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1c783d3d81ba62f3381a17a4d6c826f7dead3a132ba42349c90df075@%3Ccommits.lucene.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r2236fdf99ac3efbfc36c2df96d3a88f822baa6f45e13fec7ff558e34@%3Cdev.bigtop.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2236fdf99ac3efbfc36c2df96d3a88f822baa6f45e13fec7ff558e34@%3Cdev.bigtop.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r226c1112bb41e7cd427862d875eff9877a20a40242c2542f4dd39e4a@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r226c1112bb41e7cd427862d875eff9877a20a40242c2542f4dd39e4a@%3Cissues.lucene.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r2a6600fe9afd502c04d26fd112823ec3f3c3ad1b4a289d10567a78a0@%3Cdev.bigtop.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2a6600fe9afd502c04d26fd112823ec3f3c3ad1b4a289d10567a78a0@%3Cdev.bigtop.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r2f8d33a4de07db9459fb2a98a1cd39747066137636b53f84a13e5628@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2f8d33a4de07db9459fb2a98a1cd39747066137636b53f84a13e5628@%3Cissues.lucene.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r3d1e24a73e6bffa1d6534e1f34c8f5cbd9999495e7d933640f4fa0ed@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3d1e24a73e6bffa1d6534e1f34c8f5cbd9999495e7d933640f4fa0ed@%3Cissues.lucene.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r3da9895cea476bcee2557531bebd4e8f6f367dc3ea900a65e2f51cd8@%3Cissues.bigtop.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3da9895cea476bcee2557531bebd4e8f6f367dc3ea900a65e2f51cd8@%3Cissues.bigtop.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r4ca8ba5980d9049cf3707798aa3116ee76c1582f171ff452ad2ca75e@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4ca8ba5980d9049cf3707798aa3116ee76c1582f171ff452ad2ca75e@%3Cissues.lucene.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r5557641fcf5cfd99260a7037cfbc8788fb546b72c98a900570edaa2e@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5557641fcf5cfd99260a7037cfbc8788fb546b72c98a900570edaa2e@%3Cissues.lucene.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r622a043c2890327f8a4aea16b131e8a7137a282a004614369fceb224@%3Cdev.bigtop.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r622a043c2890327f8a4aea16b131e8a7137a282a004614369fceb224@%3Cdev.bigtop.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r7512ae552cd9d14ab8b1bc0a7e95f2ec52ae85364f068d4034398ede@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7512ae552cd9d14ab8b1bc0a7e95f2ec52ae85364f068d4034398ede@%3Cissues.lucene.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r853fdc6d0b91d5e01a26c7bd5becb044ad775a231703d634ca5d55c9@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r853fdc6d0b91d5e01a26c7bd5becb044ad775a231703d634ca5d55c9@%3Cissues.lucene.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r8b1782d42d0a4ce573495d5d9345ad328d652c68c411ccdb245c57e3@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8b1782d42d0a4ce573495d5d9345ad328d652c68c411ccdb245c57e3@%3Cissues.lucene.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r999f828e6e37d9e825e207471cbfd2681c3befcd7f3abd59ed87c0d5@%3Cissues.bigtop.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r999f828e6e37d9e825e207471cbfd2681c3befcd7f3abd59ed87c0d5@%3Cissues.bigtop.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r9d7356f209ee30d702b6a921c866564eb2e291b126640c7ab70feea7@%3Ccommits.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9d7356f209ee30d702b6a921c866564eb2e291b126640c7ab70feea7@%3Ccommits.lucene.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rb1de6ba50a468e9baff32a249edaa08f6bcec7dd7cc208e25e6b48c8@%3Cissues.bigtop.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb1de6ba50a468e9baff32a249edaa08f6bcec7dd7cc208e25e6b48c8@%3Cissues.bigtop.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rb2f1c7fd3d3ea719dfac4706a80e6affddecae8663dda04e1335347f@%3Ccommits.bigtop.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb2f1c7fd3d3ea719dfac4706a80e6affddecae8663dda04e1335347f@%3Ccommits.bigtop.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rf1a32f00017e83ff29a74be2de02e28e4302dddb5f14c624e297a8c0@%3Cdev.bigtop.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1a32f00017e83ff29a74be2de02e28e4302dddb5f14c624e297a8c0@%3Cdev.bigtop.apache.org%3E
24
reference_url https://mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/%3CCAECwjAWCVLoVaZy%3DTNRQ6Wk9KWVxdPRiGS8NT%2BPHMJCxbbsEVg%40mail.gmail.com%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/%3CCAECwjAWCVLoVaZy%3DTNRQ6Wk9KWVxdPRiGS8NT%2BPHMJCxbbsEVg%40mail.gmail.com%3E
25
reference_url https://security.netapp.com/advisory/ntap-20201023-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20201023-0002
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1890514
reference_id 1890514
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1890514
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13957
reference_id CVE-2020-13957
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13957
28
reference_url https://github.com/advisories/GHSA-3c7p-vv5r-cmr5
reference_id GHSA-3c7p-vv5r-cmr5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3c7p-vv5r-cmr5
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2020-13957, GHSA-3c7p-vv5r-cmr5
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8t99-tkmu-t3e7
8
url VCID-a861-czga-67dt
vulnerability_id VCID-a861-czga-67dt
summary Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.
references
0
reference_url http://mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804@apache.org%3E
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804@apache.org%3E
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3628.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3628.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3628
reference_id
reference_type
scores
0
value 0.01382
scoring_system epss
scoring_elements 0.80639
published_at 2026-06-04T12:55:00Z
1
value 0.01382
scoring_system epss
scoring_elements 0.80666
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3628
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3628
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3628
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1179795
reference_id 1179795
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1179795
5
reference_url https://github.com/advisories/GHSA-wgw2-gw4v-9w4j
reference_id GHSA-wgw2-gw4v-9w4j
reference_type
scores
url https://github.com/advisories/GHSA-wgw2-gw4v-9w4j
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2014-3628, GHSA-wgw2-gw4v-9w4j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a861-czga-67dt
9
url VCID-atn8-a9f2-hqbq
vulnerability_id VCID-atn8-a9f2-hqbq
summary 
Privilege escalation
Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using `SecurityAwareZkACLProvider` type of ACL provider e.g. `SaslZkACLProvider`). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9803.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9803.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9803
reference_id
reference_type
scores
0
value 0.01235
scoring_system epss
scoring_elements 0.79575
published_at 2026-06-05T12:55:00Z
1
value 0.01235
scoring_system epss
scoring_elements 0.79548
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9803
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9803
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9803
3
reference_url https://github.com/apache/lucene-solr/commit/b091934f9e98568b848d0584a1145c8e514cbd21
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/b091934f9e98568b848d0584a1145c8e514cbd21
4
reference_url https://issues.apache.org/jira/browse/SOLR-11184
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-11184
5
reference_url https://lists.apache.org/thread/f4rbt657n9x4kb74k1txhcojof5dzol5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/f4rbt657n9x4kb74k1txhcojof5dzol5
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9803
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-9803
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1493507
reference_id 1493507
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1493507
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2017-9803, GHSA-f553-j2gv-g5r9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-atn8-a9f2-hqbq
10
url VCID-btfr-9waw-x7cw
vulnerability_id VCID-btfr-9waw-x7cw
summary 
Apache Solr: Insufficient file-access checking in standalone core-creation requests
The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's  "allowPaths" security setting https://https://solr.apache.org/guide/solr/latest/configuration-guide/configuring-solr-xml.html#the-solr-element .  These read-only accesses can allow users to create cores using unexpected configsets if any are accessible via the filesystem.  On Windows systems configured to allow UNC paths this can additionally cause disclosure of NTLM "user" hashes.

Solr deployments are subject to this vulnerability if they meet the following criteria:
*  Solr is running in its "standalone" mode.
*  Solr's "allowPath" setting is being used to restrict file access to certain directories.
*  Solr's "create core" API is exposed and accessible to untrusted users.  This can happen if Solr's  RuleBasedAuthorizationPlugin https://solr.apache.org/guide/solr/latest/deployment-guide/rule-based-authorization-plugin.html  is disabled, or if it is enabled but the "core-admin-edit" predefined permission (or an equivalent custom permission) is given to low-trust (i.e. non-admin) user roles.

Users can mitigate this by enabling Solr's RuleBasedAuthorizationPlugin (if disabled) and configuring a permission-list that prevents untrusted users from creating new Solr cores.  Users should also upgrade to Apache Solr 9.10.1 or greater, which contain fixes for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22444.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22444.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22444
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.1086
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22444
2
reference_url https://github.com/apache/solr
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/solr
3
reference_url https://issues.apache.org/jira/browse/SOLR-18058
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-18058
4
reference_url https://lists.apache.org/thread/qkrb9dd4xrlqmmq73lrhkbfkttto2d1m
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:38:26Z/
url https://lists.apache.org/thread/qkrb9dd4xrlqmmq73lrhkbfkttto2d1m
5
reference_url http://www.openwall.com/lists/oss-security/2026/01/20/5
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/01/20/5
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2431604
reference_id 2431604
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2431604
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22444
reference_id CVE-2026-22444
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22444
8
reference_url https://github.com/advisories/GHSA-vc2w-4v3p-2mqw
reference_id GHSA-vc2w-4v3p-2mqw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vc2w-4v3p-2mqw
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2026-22444, GHSA-vc2w-4v3p-2mqw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-btfr-9waw-x7cw
11
url VCID-btns-tmqb-b3cp
vulnerability_id VCID-btns-tmqb-b3cp
summary Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8796
reference_id
reference_type
scores
0
value 0.02552
scoring_system epss
scoring_elements 0.85794
published_at 2026-06-05T12:55:00Z
1
value 0.02552
scoring_system epss
scoring_elements 0.85772
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8796
1
reference_url https://github.com/apache/lucene/commit/dc2f2295e0a6c6574f033f295dc0c9adb7660df9
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene/commit/dc2f2295e0a6c6574f033f295dc0c9adb7660df9
2
reference_url https://github.com/apache/solr
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/solr
3
reference_url https://github.com/apache/solr/commit/dc2f2295e0a6c6574f033f295dc0c9adb7660df9
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/solr/commit/dc2f2295e0a6c6574f033f295dc0c9adb7660df9
4
reference_url https://issues.apache.org/jira/browse/SOLR-7920
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-7920
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8796
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-8796
6
reference_url https://web.archive.org/web/20200227160406/http://www.securityfocus.com/bid/85205
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227160406/http://www.securityfocus.com/bid/85205
7
reference_url https://github.com/advisories/GHSA-4fxw-g29w-r8mx
reference_id GHSA-4fxw-g29w-r8mx
reference_type
scores
url https://github.com/advisories/GHSA-4fxw-g29w-r8mx
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2015-8796, GHSA-4fxw-g29w-r8mx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-btns-tmqb-b3cp
12
url VCID-cerg-yt1u-pua1
vulnerability_id VCID-cerg-yt1u-pua1
summary 
Improper Authentication vulnerability in Apache Solr
Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.


This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0.

Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45216
reference_id
reference_type
scores
0
value 0.9408
scoring_system epss
scoring_elements 0.99909
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45216
1
reference_url https://issues.apache.org/jira/browse/SOLR-17417
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-17417
2
reference_url https://solr.apache.org/security.html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-16T17:02:39Z/
url https://solr.apache.org/security.html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending
3
reference_url http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/webapp
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/webapp
4
reference_url http://www.openwall.com/lists/oss-security/2024/10/15/8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/10/15/8
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45216
reference_id CVE-2024-45216
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45216
6
reference_url https://github.com/advisories/GHSA-mjvf-4h88-6xm3
reference_id GHSA-mjvf-4h88-6xm3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mjvf-4h88-6xm3
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2024-45216, GHSA-mjvf-4h88-6xm3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cerg-yt1u-pua1
13
url VCID-dx2z-h52j-myd8
vulnerability_id VCID-dx2z-h52j-myd8
summary Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8797
reference_id
reference_type
scores
0
value 0.02074
scoring_system epss
scoring_elements 0.8427
published_at 2026-06-04T12:55:00Z
1
value 0.02074
scoring_system epss
scoring_elements 0.84293
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8797
1
reference_url https://issues.apache.org/jira/browse/SOLR-7949
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-7949
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8797
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-8797
3
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21975544
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21975544
4
reference_url https://github.com/advisories/GHSA-v6gf-x8fp-532v
reference_id GHSA-v6gf-x8fp-532v
reference_type
scores
url https://github.com/advisories/GHSA-v6gf-x8fp-532v
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2015-8797, GHSA-v6gf-x8fp-532v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx2z-h52j-myd8
14
url VCID-em3u-s65w-ubbz
vulnerability_id VCID-em3u-s65w-ubbz
summary Solr is vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via the update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.
references
0
reference_url http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12401.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12401.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12401
reference_id
reference_type
scores
0
value 0.32768
scoring_system epss
scoring_elements 0.96975
published_at 2026-06-05T12:55:00Z
1
value 0.32768
scoring_system epss
scoring_elements 0.96971
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12401
3
reference_url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr
4
reference_url https://issues.apache.org/jira/browse/SOLR-13750
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-13750
5
reference_url https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe@%3Cdev.lucene.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579@%3Cdev.lucene.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b@%3Cannounce.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e@%3Cdev.lucene.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a@%3Csolr-user.lucene.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2@%3Cgeneral.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2@%3Cgeneral.lucene.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe@%3Cdev.lucene.apache.org%3E
12
reference_url https://security.netapp.com/advisory/ntap-20190926-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190926-0002
13
reference_url https://security.netapp.com/advisory/ntap-20190926-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190926-0002/
14
reference_url http://www.openwall.com/lists/oss-security/2019/09/10/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/09/10/1
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789513
reference_id 1789513
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789513
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12401
reference_id CVE-2019-12401
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12401
17
reference_url https://github.com/advisories/GHSA-jq2w-w7v2-69q5
reference_id GHSA-jq2w-w7v2-69q5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jq2w-w7v2-69q5
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2019-12401, GHSA-jq2w-w7v2-69q5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-em3u-s65w-ubbz
15
url VCID-errt-tpnd-x7bm
vulnerability_id VCID-errt-tpnd-x7bm
summary 
Incorrect Authorization in Apache Solr
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 6.6.6 and 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11802.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11802.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11802
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35424
published_at 2026-06-05T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35328
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11802
2
reference_url https://github.com/apache/lucene-solr
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr
3
reference_url https://github.com/apache/lucene-solr/commit/add003f217806afb4e1604f697cdb0a5a7115895
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/add003f217806afb4e1604f697cdb0a5a7115895
4
reference_url https://issues.apache.org/jira/browse/SOLR-12514
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-12514
5
reference_url https://www.openwall.com/lists/oss-security/2019/04/24/1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2019/04/24/1
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1707547
reference_id 1707547
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1707547
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11802
reference_id CVE-2018-11802
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11802
8
reference_url https://github.com/advisories/GHSA-j346-h5wc-rw2m
reference_id GHSA-j346-h5wc-rw2m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j346-h5wc-rw2m
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2018-11802, GHSA-j346-h5wc-rw2m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-errt-tpnd-x7bm
16
url VCID-g95c-rfw6-kqgs
vulnerability_id VCID-g95c-rfw6-kqgs
summary 
Deserialization of Untrusted Data
In Apache Solr versions, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.
references
0
reference_url http://mail-archives.us.apache.org/mod_mbox/www-announce/201903.mbox/%3CCAECwjAV1buZwg%2BMcV9EAQ19MeAWztPVJYD4zGK8kQdADFYij1w%40mail.gmail.com%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://mail-archives.us.apache.org/mod_mbox/www-announce/201903.mbox/%3CCAECwjAV1buZwg%2BMcV9EAQ19MeAWztPVJYD4zGK8kQdADFYij1w%40mail.gmail.com%3E
1
reference_url https://access.redhat.com/errata/RHSA-2019:2413
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2413
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0192.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0192.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0192
reference_id
reference_type
scores
0
value 0.93545
scoring_system epss
scoring_elements 0.99839
published_at 2026-06-05T12:55:00Z
1
value 0.93545
scoring_system epss
scoring_elements 0.99838
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0192
4
reference_url https://github.com/advisories/GHSA-xhcq-fv7x-grr2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xhcq-fv7x-grr2
5
reference_url https://lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892@%3Cdev.lucene.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d@%3Cdev.lucene.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/b0ace855f569c6b7a0b03ba68566e53b1a1a519abd536bf38978ce4a@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0ace855f569c6b7a0b03ba68566e53b1a1a519abd536bf38978ce4a@%3Cdev.lucene.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/d0e608c681dfbb16b4da68d99d43fa0ddbd366bb3bcf5bc0d43c56d7@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/d0e608c681dfbb16b4da68d99d43fa0ddbd366bb3bcf5bc0d43c56d7@%3Cdev.lucene.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/ec9c572fb803b26ba0318777977ee6d6a2fb3a2c50d9b4224e541d5d@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ec9c572fb803b26ba0318777977ee6d6a2fb3a2c50d9b4224e541d5d@%3Cdev.lucene.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
13
reference_url https://security.netapp.com/advisory/ntap-20190327-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190327-0003
14
reference_url https://security.netapp.com/advisory/ntap-20190327-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190327-0003/
15
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
16
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
17
reference_url http://www.securityfocus.com/bid/107318
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/107318
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1692345
reference_id 1692345
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1692345
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0192
reference_id CVE-2019-0192
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0192
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2019-0192, GHSA-xhcq-fv7x-grr2
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g95c-rfw6-kqgs
17
url VCID-hcng-56xk-tuar
vulnerability_id VCID-hcng-56xk-tuar
summary 
Security Vulnerability in secure inter-node communication
This package uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either `HttpClientInterceptorPlugin` or `HttpClientBuilderPlugin`, his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7660
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7660
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7660.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7660.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7660
reference_id
reference_type
scores
0
value 0.00335
scoring_system epss
scoring_elements 0.5668
published_at 2026-06-05T12:55:00Z
1
value 0.00335
scoring_system epss
scoring_elements 0.56628
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7660
3
reference_url https://github.com/apache/lucene-solr/commit/2f5ecbcf9ed7a3a4fd37b5c55860ad8eace1bea
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/2f5ecbcf9ed7a3a4fd37b5c55860ad8eace1bea
4
reference_url https://github.com/apache/lucene-solr/commit/9f91c619a35db89544f5c85795df4128c9f0d96
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/9f91c619a35db89544f5c85795df4128c9f0d96
5
reference_url https://github.com/apache/lucene-solr/commit/e3b0cfff396a7f92a4f621d598780116da916f3
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/e3b0cfff396a7f92a4f621d598780116da916f3
6
reference_url https://github.com/apache/lucene-solr/commit/e912b7cb5c68fbb87b874d41068cf5a3aea17da0
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/e912b7cb5c68fbb87b874d41068cf5a3aea17da0
7
reference_url https://issues.apache.org/jira/browse/SOLR-10624
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-10624
8
reference_url https://lists.apache.org/thread/o0g7vpz5sz4yy0pyf1z94vkpv40x6h44
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/o0g7vpz5sz4yy0pyf1z94vkpv40x6h44
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7660
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7660
10
reference_url https://security.netapp.com/advisory/ntap-20181127-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0003
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1473273
reference_id 1473273
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1473273
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2017-7660, GHSA-c82r-qg3w-q5mv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hcng-56xk-tuar
18
url VCID-k236-qjun-9qgu
vulnerability_id VCID-k236-qjun-9qgu
summary 
Apache Solr Relative Path Traversal vulnerability
Relative Path Traversal vulnerability in Apache Solr.

Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API.  Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.
This issue affects Apache Solr: from 6.6 through 9.7.0.

Users are recommended to upgrade to version 9.8.0, which fixes the issue.  Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52012
reference_id
reference_type
scores
0
value 0.13709
scoring_system epss
scoring_elements 0.94405
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52012
1
reference_url https://github.com/apache/solr
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/solr
2
reference_url https://github.com/apache/solr/commit/5795edd143b8fcb2ffaf7f278a099b8678adf396
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/solr/commit/5795edd143b8fcb2ffaf7f278a099b8678adf396
3
reference_url https://issues.apache.org/jira/browse/SOLR-17543
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-17543
4
reference_url https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T13:34:11Z/
url https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd
5
reference_url http://www.openwall.com/lists/oss-security/2025/01/26/2
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/01/26/2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52012
reference_id CVE-2024-52012
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52012
7
reference_url https://github.com/advisories/GHSA-4p5m-gvpf-f3x5
reference_id GHSA-4p5m-gvpf-f3x5
reference_type
scores
url https://github.com/advisories/GHSA-4p5m-gvpf-f3x5
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2024-52012, GHSA-4p5m-gvpf-f3x5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k236-qjun-9qgu
19
url VCID-ugux-wu13-x3d7
vulnerability_id VCID-ugux-wu13-x3d7
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr This issue only affects Windows.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44548
reference_id
reference_type
scores
0
value 0.05017
scoring_system epss
scoring_elements 0.899
published_at 2026-06-04T12:55:00Z
1
value 0.05017
scoring_system epss
scoring_elements 0.89916
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44548
1
reference_url https://github.com/apache/solr
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/solr
2
reference_url https://security.netapp.com/advisory/ntap-20220114-0005
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220114-0005
3
reference_url https://security.netapp.com/advisory/ntap-20220114-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220114-0005/
4
reference_url https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44548
reference_id CVE-2021-44548
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44548
6
reference_url https://github.com/advisories/GHSA-pccr-q7v9-5f27
reference_id GHSA-pccr-q7v9-5f27
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pccr-q7v9-5f27
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2021-44548, GHSA-pccr-q7v9-5f27
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ugux-wu13-x3d7
20
url VCID-uz7d-q5jt-sygm
vulnerability_id VCID-uz7d-q5jt-sygm
summary Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specified account. As an immediate workaround without upgrading, delete the template users (superadmin, admin, search, index) from security.json or change their passwords. The future, not yet released, versions 9.11.0 and 10.1.0 will not be vulnerable, and it will be enough to upgrade to solve the issue. Not affected: * Clusters where bin/solr auth enable was not used to bootstrap BasicAuth * Clusters where template users have been assigned strong passwords after bootstrap
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44825
reference_id
reference_type
scores
0
value 0.00395
scoring_system epss
scoring_elements 0.60747
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44825
1
reference_url https://lists.apache.org/thread/5xg6xr99glocp3zsg9ht2zlbwlrst7ch
reference_id 5xg6xr99glocp3zsg9ht2zlbwlrst7ch
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-06-01T12:46:21Z/
url https://lists.apache.org/thread/5xg6xr99glocp3zsg9ht2zlbwlrst7ch
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2026-44825
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uz7d-q5jt-sygm
21
url VCID-w2ku-uvwz-4bhx
vulnerability_id VCID-w2ku-uvwz-4bhx
summary 
Improper Restriction of XML External Entity Reference
This vulnerability in Apache Solr relates to an XML external entity expansion (XXE) in Solr config files.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8010.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8010.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8010
reference_id
reference_type
scores
0
value 0.01708
scoring_system epss
scoring_elements 0.82691
published_at 2026-06-05T12:55:00Z
1
value 0.01708
scoring_system epss
scoring_elements 0.82664
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8010
2
reference_url https://github.com/advisories/GHSA-rc9v-h28f-jcmf
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rc9v-h28f-jcmf
3
reference_url https://github.com/apache/lucene-solr/commit/1b760114216fcdfae138a8b37f183a9293c4911
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/1b760114216fcdfae138a8b37f183a9293c4911
4
reference_url https://github.com/apache/lucene-solr/commit/4ba409e0ff3dc38aad88f7b7ad69a76325272b8
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/4ba409e0ff3dc38aad88f7b7ad69a76325272b8
5
reference_url https://github.com/apache/lucene-solr/commit/6c4e45e28494d4d4d04fb89852d18c86fa3d5f8
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/6c4e45e28494d4d4d04fb89852d18c86fa3d5f8
6
reference_url https://github.com/apache/lucene-solr/commit/6d082d5743dee7e08a86b3f2ef03bc025112512
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/6d082d5743dee7e08a86b3f2ef03bc025112512
7
reference_url https://github.com/apache/lucene-solr/commit/96f079b4b47eaadff65c7aaf0e5bafe68e30ec3
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/96f079b4b47eaadff65c7aaf0e5bafe68e30ec3
8
reference_url https://issues.apache.org/jira/browse/SOLR-12316
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-12316
9
reference_url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
10
reference_url https://mail-archives.apache.org/mod_mbox/www-announce/201805.mbox/%3C08a801d3f0f9%24df46d300%249dd47900%24%40apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://mail-archives.apache.org/mod_mbox/www-announce/201805.mbox/%3C08a801d3f0f9%24df46d300%249dd47900%24%40apache.org%3E
11
reference_url http://www.securityfocus.com/bid/104239
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104239
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1581037
reference_id 1581037
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1581037
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8010
reference_id CVE-2018-8010
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8010
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2018-8010, GHSA-rc9v-h28f-jcmf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2ku-uvwz-4bhx
22
url VCID-ymkf-c5sn-f3fw
vulnerability_id VCID-ymkf-c5sn-f3fw
summary 
Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components.  Only deployments that meet all of the following criteria are impacted by this vulnerability:

*  Use of Solr's "RuleBasedAuthorizationPlugin"
*  A RuleBasedAuthorizationPlugin config (see security.json) that specifies multiple "roles"
*  A RuleBasedAuthorizationPlugin permission list (see security.json) that uses one or more of the following pre-defined permission rules: "config-read", "config-edit", "schema-read", "metrics-read", or "security-read".
*  A RuleBasedAuthorizationPlugin permission list that doesn't define the "all" pre-defined permission
*  A networking setup that allows clients to make unfiltered network requests to Solr. (i.e. user-submitted HTTP/HTTPS requests reach Solr as-is, unmodified or restricted by any intervening proxy or gateway)

Users can mitigate this vulnerability by ensuring that their RuleBasedAuthorizationPlugin configuration specifies the "all" pre-defined permission and associates the permission with an "admin" or other privileged role.  Users can also upgrade to a Solr version outside of the impacted range, such as the recently released Solr 9.10.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22022.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22022.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22022
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.46783
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22022
2
reference_url https://github.com/apache/solr
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/solr
3
reference_url https://github.com/apache/solr/commit/c135e6335c7158fa26e96b0dc386f825255b47c0
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/solr/commit/c135e6335c7158fa26e96b0dc386f825255b47c0
4
reference_url https://issues.apache.org/jira/browse/SOLR-18054
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-18054
5
reference_url https://lists.apache.org/thread/d59hqbgo7p62myq7mgfpz7or8n1j7wbn
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:34:12Z/
url https://lists.apache.org/thread/d59hqbgo7p62myq7mgfpz7or8n1j7wbn
6
reference_url http://www.openwall.com/lists/oss-security/2026/01/20/4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/01/20/4
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2431603
reference_id 2431603
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2431603
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22022
reference_id CVE-2026-22022
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22022
9
reference_url https://github.com/advisories/GHSA-qr3p-2xj2-q7hq
reference_id GHSA-qr3p-2xj2-q7hq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qr3p-2xj2-q7hq
fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
aliases CVE-2026-22022, GHSA-qr3p-2xj2-q7hq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ymkf-c5sn-f3fw
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie