Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.solr/solr-core@4.1.0
Type maven
Namespace org.apache.solr
Name solr-core
Version 4.1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 8.8.2
Latest_non_vulnerable_version 9.10.1
Affected_by_vulnerabilities
0
url VCID-2nwy-8r1n-y7cc
vulnerability_id VCID-2nwy-8r1n-y7cc
summary
Path traversal attack
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. Solr does not validate the file name, hence it is possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163
1
reference_url https://access.redhat.com/errata/RHSA-2018:1447
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1447
2
reference_url https://access.redhat.com/errata/RHSA-2018:1448
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1448
3
reference_url https://access.redhat.com/errata/RHSA-2018:1449
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1449
4
reference_url https://access.redhat.com/errata/RHSA-2018:1450
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1450
5
reference_url https://access.redhat.com/errata/RHSA-2018:1451
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1451
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3163.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3163.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-3163
reference_id
reference_type
scores
0
value 0.11857
scoring_system epss
scoring_elements 0.93859
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-3163
8
reference_url https://github.com/advisories/GHSA-387v-84cv-9qmc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-387v-84cv-9qmc
9
reference_url https://github.com/apache/lucene-solr/commit/3a4f885b18bc963a8326c752bd229497908f1db
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/3a4f885b18bc963a8326c752bd229497908f1db
10
reference_url https://github.com/apache/lucene-solr/commit/6f598d24692a89da9b5b671be6cf4b947aa39266
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/6f598d24692a89da9b5b671be6cf4b947aa39266
11
reference_url https://github.com/apache/lucene-solr/commit/7088137d52256354a52ed86547b9faa0e704293
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/7088137d52256354a52ed86547b9faa0e704293
12
reference_url https://github.com/apache/lucene-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4d
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4d
13
reference_url https://issues.apache.org/jira/browse/SOLR-10031
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/SOLR-10031
14
reference_url https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488@%3Csolr-user.lucene.apache.org%3E
15
reference_url https://www.debian.org/security/2018/dsa-4124
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4124
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1454783
reference_id 1454783
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1454783
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867712
reference_id 867712
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867712
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-3163
reference_id CVE-2017-3163
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-3163
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@5.5.4
purl pkg:maven/org.apache.solr/solr-core@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcs-eg6f-fubn
1
vulnerability VCID-69cb-ed9r-guda
2
vulnerability VCID-atn8-a9f2-hqbq
3
vulnerability VCID-de4p-g9a9-1fcd
4
vulnerability VCID-f12z-qhkn-qyhb
5
vulnerability VCID-g95c-rfw6-kqgs
6
vulnerability VCID-hcng-56xk-tuar
7
vulnerability VCID-n5hy-aw33-skh2
8
vulnerability VCID-vdk1-r552-kqhh
9
vulnerability VCID-x81k-2zr1-b7c3
10
vulnerability VCID-zseq-ezs2-wbhu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@5.5.4
1
url pkg:maven/org.apache.solr/solr-core@6.4.1
purl pkg:maven/org.apache.solr/solr-core@6.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcs-eg6f-fubn
1
vulnerability VCID-45ku-xn2x-3fdg
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-atn8-a9f2-hqbq
4
vulnerability VCID-de4p-g9a9-1fcd
5
vulnerability VCID-f12z-qhkn-qyhb
6
vulnerability VCID-g95c-rfw6-kqgs
7
vulnerability VCID-hcng-56xk-tuar
8
vulnerability VCID-n5hy-aw33-skh2
9
vulnerability VCID-vdk1-r552-kqhh
10
vulnerability VCID-w2ku-uvwz-4bhx
11
vulnerability VCID-x81k-2zr1-b7c3
12
vulnerability VCID-zseq-ezs2-wbhu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@6.4.1
aliases CVE-2017-3163, GHSA-387v-84cv-9qmc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2nwy-8r1n-y7cc
1
url VCID-3zcs-eg6f-fubn
vulnerability_id VCID-3zcs-eg6f-fubn
summary
Incorrect Authorization
When using `ConfigurableInternodeAuthHadoopPlugin` for authentication, Apache Solr would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29943.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29943.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29943
reference_id
reference_type
scores
0
value 0.058
scoring_system epss
scoring_elements 0.90671
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29943
2
reference_url https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E
3
reference_url https://security.netapp.com/advisory/ntap-20210604-0009
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210604-0009
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1949521
reference_id 1949521
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1949521
5
reference_url https://security.archlinux.org/AVG-1808
reference_id AVG-1808
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1808
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29943
reference_id CVE-2021-29943
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29943
7
reference_url https://github.com/advisories/GHSA-vf7p-j8x6-xvwp
reference_id GHSA-vf7p-j8x6-xvwp
reference_type
scores
url https://github.com/advisories/GHSA-vf7p-j8x6-xvwp
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@8.8.2
purl pkg:maven/org.apache.solr/solr-core@8.8.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@8.8.2
aliases CVE-2021-29943, GHSA-vf7p-j8x6-xvwp
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3zcs-eg6f-fubn
2
url VCID-5w3j-gqqb-qbgf
vulnerability_id VCID-5w3j-gqqb-qbgf
summary
Path Traversal
Directory traversal vulnerability in `SolrResourceLoader` in Apache Solr allows remote attackers to read arbitrary files via a `..` (dot dot) or full pathname in the tr parameter to `solr/select/`, when the response writer (wt parameter) is set to XSLT.
references
0
reference_url http://lucene.apache.org/solr/4_6_0/changes/Changes.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lucene.apache.org/solr/4_6_0/changes/Changes.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-1844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1844.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-0029.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0029.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6397.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6397.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6397
reference_id
reference_type
scores
0
value 0.90931
scoring_system epss
scoring_elements 0.99648
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6397
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
9
reference_url https://github.com/apache/lucene-solr
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr
10
reference_url https://github.com/apache/lucene-solr/commit/da34b18cb3092df4972e2b6fa5178d1059923910
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/da34b18cb3092df4972e2b6fa5178d1059923910
11
reference_url https://issues.apache.org/jira/browse/SOLR-4882
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-4882
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6397
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6397
13
reference_url https://web.archive.org/web/20170307173358/http://www.securityfocus.com/bid/63935
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170307173358/http://www.securityfocus.com/bid/63935
14
reference_url http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html
15
reference_url http://www.openwall.com/lists/oss-security/2013/11/27/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/11/27/1
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1035062
reference_id 1035062
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1035062
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
reference_id 731113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
18
reference_url https://bugzilla.redhat.com/CVE-2013-6397
reference_id CVE-2013-6397
reference_type
scores
url https://bugzilla.redhat.com/CVE-2013-6397
19
reference_url https://access.redhat.com/errata/RHSA-2013:1844
reference_id RHSA-2013:1844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1844
20
reference_url https://access.redhat.com/errata/RHSA-2014:0029
reference_id RHSA-2014:0029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0029
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@4.6.0
purl pkg:maven/org.apache.solr/solr-core@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nwy-8r1n-y7cc
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-atn8-a9f2-hqbq
4
vulnerability VCID-de4p-g9a9-1fcd
5
vulnerability VCID-em3u-s65w-ubbz
6
vulnerability VCID-f12z-qhkn-qyhb
7
vulnerability VCID-n5hy-aw33-skh2
8
vulnerability VCID-vdk1-r552-kqhh
9
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@4.6.0
1
url pkg:maven/org.apache.solr/solr-core@5.0.0
purl pkg:maven/org.apache.solr/solr-core@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nwy-8r1n-y7cc
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-atn8-a9f2-hqbq
4
vulnerability VCID-de4p-g9a9-1fcd
5
vulnerability VCID-f12z-qhkn-qyhb
6
vulnerability VCID-g95c-rfw6-kqgs
7
vulnerability VCID-n5hy-aw33-skh2
8
vulnerability VCID-vdk1-r552-kqhh
9
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@5.0.0
aliases CVE-2013-6397, GHSA-j8qw-mwmv-28cg
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5w3j-gqqb-qbgf
3
url VCID-69cb-ed9r-guda
vulnerability_id VCID-69cb-ed9r-guda
summary
Insufficiently Protected Credentials
When starting Apache Solr, configured with the `SaslZkACLProvider` or `VMParamsAllAndReadonlyDigestZkACLProvider` and no existing `security.json` `znode`, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any `ZkACLProvider`, if the `security.json` is already present, Solr will not automatically update the ACLs.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29262.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29262.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29262
reference_id
reference_type
scores
0
value 0.26231
scoring_system epss
scoring_elements 0.96398
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29262
2
reference_url https://issues.apache.org/jira/browse/SOLR-15249
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-15249
3
reference_url https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79@%3Coak-issues.jackrabbit.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r1e92a2eff6c47a65c4a6e95e809a9707181de76f8062403a0bea1012@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1e92a2eff6c47a65c4a6e95e809a9707181de76f8062403a0bea1012@%3Coak-issues.jackrabbit.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r51b29ff62060b67bc9999ded5e252b36b09311fe5a02d27f6de3e4d3@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r51b29ff62060b67bc9999ded5e252b36b09311fe5a02d27f6de3e4d3@%3Coak-issues.jackrabbit.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r536da4c4e4e406f7843461cc754a3d0a3fe575aa576e2b71a9cd57d0%40%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r536da4c4e4e406f7843461cc754a3d0a3fe575aa576e2b71a9cd57d0%40%3Cannounce.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r7151081abab92a827a607205c4260b0a3d22280b52d15bc909177608@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7151081abab92a827a607205c4260b0a3d22280b52d15bc909177608@%3Coak-issues.jackrabbit.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r8d35eeb9a470d2682b5bcf3be0b8942faa7e28f9ca5861c058d17fff@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8d35eeb9a470d2682b5bcf3be0b8942faa7e28f9ca5861c058d17fff@%3Coak-issues.jackrabbit.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r9c4ce6903218c92ef2583070e64af5a69e483821c4b3016dc41e3c6f@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9c4ce6903218c92ef2583070e64af5a69e483821c4b3016dc41e3c6f@%3Coak-issues.jackrabbit.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rb6db683903174eaa44ec80cc118a38574319b0d4181f36b61ee6278f@%3Cdev.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb6db683903174eaa44ec80cc118a38574319b0d4181f36b61ee6278f@%3Cdev.jackrabbit.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rbc680cbfd745f22d182158217428a296e8e398cde16f3f428fe4bddc@%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbc680cbfd745f22d182158217428a296e8e398cde16f3f428fe4bddc@%3Coak-issues.jackrabbit.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rd85f87e559ee27e9c69795e3ad93a77621895e0328ea3df41d711d72@%3Coak-commits.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd85f87e559ee27e9c69795e3ad93a77621895e0328ea3df41d711d72@%3Coak-commits.jackrabbit.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/ref84e60192f4bdc3206b247f260513e8d4e71f3e200792f75386d07a@%3Cdev.jackrabbit.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ref84e60192f4bdc3206b247f260513e8d4e71f3e200792f75386d07a@%3Cdev.jackrabbit.apache.org%3E
14
reference_url https://security.netapp.com/advisory/ntap-20210604-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210604-0009
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1949520
reference_id 1949520
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1949520
16
reference_url https://security.archlinux.org/AVG-1808
reference_id AVG-1808
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1808
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29262
reference_id CVE-2021-29262
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29262
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@8.8.2
purl pkg:maven/org.apache.solr/solr-core@8.8.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@8.8.2
aliases CVE-2021-29262, GHSA-jgcr-fg3g-qvw8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69cb-ed9r-guda
4
url VCID-atn8-a9f2-hqbq
vulnerability_id VCID-atn8-a9f2-hqbq
summary
Privilege escalation
Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using `SecurityAwareZkACLProvider` type of ACL provider e.g. `SaslZkACLProvider`). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9803.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9803.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9803
reference_id
reference_type
scores
0
value 0.01235
scoring_system epss
scoring_elements 0.79548
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9803
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9803
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9803
3
reference_url https://github.com/apache/lucene-solr/commit/b091934f9e98568b848d0584a1145c8e514cbd21
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/b091934f9e98568b848d0584a1145c8e514cbd21
4
reference_url https://issues.apache.org/jira/browse/SOLR-11184
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-11184
5
reference_url https://lists.apache.org/thread/f4rbt657n9x4kb74k1txhcojof5dzol5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/f4rbt657n9x4kb74k1txhcojof5dzol5
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9803
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-9803
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1493507
reference_id 1493507
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1493507
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@6.6.1
purl pkg:maven/org.apache.solr/solr-core@6.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcs-eg6f-fubn
1
vulnerability VCID-45ku-xn2x-3fdg
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-de4p-g9a9-1fcd
4
vulnerability VCID-f12z-qhkn-qyhb
5
vulnerability VCID-g95c-rfw6-kqgs
6
vulnerability VCID-n5hy-aw33-skh2
7
vulnerability VCID-vdk1-r552-kqhh
8
vulnerability VCID-w2ku-uvwz-4bhx
9
vulnerability VCID-x81k-2zr1-b7c3
10
vulnerability VCID-zseq-ezs2-wbhu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@6.6.1
aliases CVE-2017-9803, GHSA-f553-j2gv-g5r9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-atn8-a9f2-hqbq
5
url VCID-de4p-g9a9-1fcd
vulnerability_id VCID-de4p-g9a9-1fcd
summary
XXE vulnerability via DIH's dataConfig request parameter
This vulnerability relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1308.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1308.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1308
reference_id
reference_type
scores
0
value 0.0434
scoring_system epss
scoring_elements 0.8911
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1308
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1308
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1308
3
reference_url https://github.com/advisories/GHSA-3pph-2595-cgfh
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3pph-2595-cgfh
4
reference_url https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f
5
reference_url https://github.com/apache/lucene-solr/commit/3530397f1777332872eac2760f9aa0e2ae1d7450
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/3530397f1777332872eac2760f9aa0e2ae1d7450
6
reference_url https://github.com/apache/lucene-solr/commit/739a7933
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/739a7933
7
reference_url https://github.com/apache/lucene-solr/commit/739a79338856599084617d44b6a1b424af059aa
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/739a79338856599084617d44b6a1b424af059aa
8
reference_url https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee6
reference_id
reference_type
scores
url https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee6
9
reference_url https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee63
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee63
10
reference_url https://issues.apache.org/jira/browse/SOLR-11971
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-11971
11
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
12
reference_url https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html
13
reference_url https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1308
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1308
15
reference_url https://www.debian.org/security/2018/dsa-4194
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4194
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1564959
reference_id 1564959
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1564959
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896604
reference_id 896604
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896604
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@6.6.3
purl pkg:maven/org.apache.solr/solr-core@6.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcs-eg6f-fubn
1
vulnerability VCID-45ku-xn2x-3fdg
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-f12z-qhkn-qyhb
4
vulnerability VCID-g95c-rfw6-kqgs
5
vulnerability VCID-n5hy-aw33-skh2
6
vulnerability VCID-vdk1-r552-kqhh
7
vulnerability VCID-w2ku-uvwz-4bhx
8
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@6.6.3
1
url pkg:maven/org.apache.solr/solr-core@7.3.0
purl pkg:maven/org.apache.solr/solr-core@7.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcs-eg6f-fubn
1
vulnerability VCID-45ku-xn2x-3fdg
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-f12z-qhkn-qyhb
4
vulnerability VCID-n5hy-aw33-skh2
5
vulnerability VCID-vdk1-r552-kqhh
6
vulnerability VCID-w2ku-uvwz-4bhx
7
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@7.3.0
aliases CVE-2018-1308, GHSA-3pph-2595-cgfh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de4p-g9a9-1fcd
6
url VCID-dvqy-cfd4-ybgn
vulnerability_id VCID-dvqy-cfd4-ybgn
summary
XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler
The DocumentAnalysisRequestHandler in this package does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1844.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0029.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0029.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6408.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6408.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6408
reference_id
reference_type
scores
0
value 0.11391
scoring_system epss
scoring_elements 0.93698
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6408
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
8
reference_url https://github.com/apache/lucene-solr
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr
9
reference_url https://github.com/apache/lucene-solr/commit/7239a57a51ea0f4d05dd330ce5e15e4f72f72747
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/7239a57a51ea0f4d05dd330ce5e15e4f72f72747
10
reference_url https://issues.apache.org/jira/browse/SOLR-4881
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-4881
11
reference_url https://issues.apache.org/jira/browse/SOLR-5520
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/SOLR-5520
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6408
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6408
13
reference_url http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
14
reference_url http://www.openwall.com/lists/oss-security/2013/11/29/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/11/29/2
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1035985
reference_id 1035985
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1035985
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
reference_id 731113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
17
reference_url https://bugzilla.redhat.com/CVE-2013-6408
reference_id CVE-2013-6408
reference_type
scores
url https://bugzilla.redhat.com/CVE-2013-6408
18
reference_url https://access.redhat.com/errata/RHSA-2013:1844
reference_id RHSA-2013:1844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1844
19
reference_url https://access.redhat.com/errata/RHSA-2014:0029
reference_id RHSA-2014:0029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0029
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@4.3.1
purl pkg:maven/org.apache.solr/solr-core@4.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nwy-8r1n-y7cc
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-5w3j-gqqb-qbgf
3
vulnerability VCID-69cb-ed9r-guda
4
vulnerability VCID-atn8-a9f2-hqbq
5
vulnerability VCID-de4p-g9a9-1fcd
6
vulnerability VCID-dvqy-cfd4-ybgn
7
vulnerability VCID-em3u-s65w-ubbz
8
vulnerability VCID-f12z-qhkn-qyhb
9
vulnerability VCID-n5hy-aw33-skh2
10
vulnerability VCID-vdk1-r552-kqhh
11
vulnerability VCID-x81k-2zr1-b7c3
12
vulnerability VCID-z6tk-uqhb-wuav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@4.3.1
1
url pkg:maven/org.apache.solr/solr-core@4.6.0
purl pkg:maven/org.apache.solr/solr-core@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nwy-8r1n-y7cc
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-atn8-a9f2-hqbq
4
vulnerability VCID-de4p-g9a9-1fcd
5
vulnerability VCID-em3u-s65w-ubbz
6
vulnerability VCID-f12z-qhkn-qyhb
7
vulnerability VCID-n5hy-aw33-skh2
8
vulnerability VCID-vdk1-r552-kqhh
9
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@4.6.0
2
url pkg:maven/org.apache.solr/solr-core@5.0.0
purl pkg:maven/org.apache.solr/solr-core@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nwy-8r1n-y7cc
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-atn8-a9f2-hqbq
4
vulnerability VCID-de4p-g9a9-1fcd
5
vulnerability VCID-f12z-qhkn-qyhb
6
vulnerability VCID-g95c-rfw6-kqgs
7
vulnerability VCID-n5hy-aw33-skh2
8
vulnerability VCID-vdk1-r552-kqhh
9
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@5.0.0
aliases CVE-2013-6408, GHSA-45w3-2hvv-pfxq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvqy-cfd4-ybgn
7
url VCID-em3u-s65w-ubbz
vulnerability_id VCID-em3u-s65w-ubbz
summary Solr is vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via the update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML, causing OOMs.
references
0
reference_url http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12401.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12401.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12401
reference_id
reference_type
scores
0
value 0.32768
scoring_system epss
scoring_elements 0.96971
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12401
3
reference_url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr
4
reference_url https://issues.apache.org/jira/browse/SOLR-13750
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-13750
5
reference_url https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe@%3Cdev.lucene.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579@%3Cdev.lucene.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b@%3Cannounce.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e@%3Cdev.lucene.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a@%3Csolr-user.lucene.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2@%3Cgeneral.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2@%3Cgeneral.lucene.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe@%3Cdev.lucene.apache.org%3E
12
reference_url https://security.netapp.com/advisory/ntap-20190926-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190926-0002
13
reference_url http://www.openwall.com/lists/oss-security/2019/09/10/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/09/10/1
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789513
reference_id 1789513
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789513
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12401
reference_id CVE-2019-12401
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12401
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@5.0.0
purl pkg:maven/org.apache.solr/solr-core@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nwy-8r1n-y7cc
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-atn8-a9f2-hqbq
4
vulnerability VCID-de4p-g9a9-1fcd
5
vulnerability VCID-f12z-qhkn-qyhb
6
vulnerability VCID-g95c-rfw6-kqgs
7
vulnerability VCID-n5hy-aw33-skh2
8
vulnerability VCID-vdk1-r552-kqhh
9
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@5.0.0
aliases CVE-2019-12401, GHSA-jq2w-w7v2-69q5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-em3u-s65w-ubbz
8
url VCID-f12z-qhkn-qyhb
vulnerability_id VCID-f12z-qhkn-qyhb
summary
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
references
0
reference_url http://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN%3DwO5rYs6ktAX-5%3D-f5JDFwbbTSM2TTjEbGO5jKKA%40mail.gmail.com%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN%3DwO5rYs6ktAX-5%3D-f5JDFwbbTSM2TTjEbGO5jKKA%40mail.gmail.com%3E
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-3164
reference_id
reference_type
scores
0
value 0.5954
scoring_system epss
scoring_elements 0.98281
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-3164
2
reference_url http://security.netapp.com/advisory/ntap-20190327-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://security.netapp.com/advisory/ntap-20190327-0003
3
reference_url https://lists.apache.org/thread.html/43026507844ada1ac658ccf7bc939378c13e492fd6538416ce65df39@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/43026507844ada1ac658ccf7bc939378c13e492fd6538416ce65df39@%3Cdev.lucene.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/75dc651478f9d04505b46d44fe3ac739e7aaf3d7bf1257973685f8f7@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/75dc651478f9d04505b46d44fe3ac739e7aaf3d7bf1257973685f8f7@%3Cdev.lucene.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/ca3105b6934ccd28e843dffe39724f6963ff49825e9b709837203649@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ca3105b6934ccd28e843dffe39724f6963ff49825e9b709837203649@%3Cdev.lucene.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/e0f9c652b57a91fdcc287efcead620af9f4d8e46b88f0b761aa265de@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e0f9c652b57a91fdcc287efcead620af9f4d8e46b88f0b761aa265de@%3Cdev.lucene.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
10
reference_url http://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/security-alerts/cpuoct2020.html
11
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922242
reference_id 922242
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922242
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-3164
reference_id CVE-2017-3164
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-3164
14
reference_url https://github.com/advisories/GHSA-vrh8-27q8-fr8f
reference_id GHSA-vrh8-27q8-fr8f
reference_type
scores
url https://github.com/advisories/GHSA-vrh8-27q8-fr8f
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@7.7.0
purl pkg:maven/org.apache.solr/solr-core@7.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcs-eg6f-fubn
1
vulnerability VCID-69cb-ed9r-guda
2
vulnerability VCID-n5hy-aw33-skh2
3
vulnerability VCID-vdk1-r552-kqhh
4
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@7.7.0
aliases CVE-2017-3164, GHSA-vrh8-27q8-fr8f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f12z-qhkn-qyhb
9
url VCID-n5hy-aw33-skh2
vulnerability_id VCID-n5hy-aw33-skh2
summary
Improper Input Validation
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler allows the commands backup, restore and deleteBackup. Each of these takes a location parameter, which was not validated, i.e. you could read/write to any location the solr user can access.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13941.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13941.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13941
reference_id
reference_type
scores
0
value 0.01961
scoring_system epss
scoring_elements 0.83832
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13941
2
reference_url https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/rbcd9dff009ed19ffcc2b09784595fc1098fc802a5472f81795f893be@%3Ccommits.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbcd9dff009ed19ffcc2b09784595fc1098fc802a5472f81795f893be@%3Ccommits.lucene.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rf54e7912b7d2b72c63ec54a7afa4adcbf16268dcc63253767dd67d60%40%3Cgeneral.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf54e7912b7d2b72c63ec54a7afa4adcbf16268dcc63253767dd67d60%40%3Cgeneral.lucene.apache.org%3E
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1869167
reference_id 1869167
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1869167
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13941
reference_id CVE-2020-13941
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13941
8
reference_url https://github.com/advisories/GHSA-2467-h365-j7hm
reference_id GHSA-2467-h365-j7hm
reference_type
scores
url https://github.com/advisories/GHSA-2467-h365-j7hm
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@8.6.0
purl pkg:maven/org.apache.solr/solr-core@8.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zcs-eg6f-fubn
1
vulnerability VCID-69cb-ed9r-guda
2
vulnerability VCID-btfr-9waw-x7cw
3
vulnerability VCID-h4py-1vy2-8uhg
4
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@8.6.0
aliases CVE-2020-13941, GHSA-2467-h365-j7hm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n5hy-aw33-skh2
10
url VCID-vdk1-r552-kqhh
vulnerability_id VCID-vdk1-r552-kqhh
summary
XML External Entity (XXE) Injection in Apache Solr
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0193.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0193.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0193
reference_id
reference_type
scores
0
value 0.93056
scoring_system epss
scoring_elements 0.99795
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0193
2
reference_url https://github.com/apache/lucene-solr
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr
3
reference_url https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f7
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f7
4
reference_url https://issues.apache.org/jira/browse/SOLR-13669
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-13669
5
reference_url https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c%40%3Cissues.lucene.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74@%3Cissues.lucene.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74%40%3Cissues.lucene.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03@%3Cissues.lucene.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03%40%3Cissues.lucene.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83@%3Cissues.lucene.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83%40%3Cissues.lucene.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee@%3Cissues.lucene.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee%40%3Cissues.lucene.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc%40%3Cissues.lucene.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab@%3Cissues.lucene.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab%40%3Cissues.lucene.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d@%3Cissues.lucene.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d%40%3Cissues.lucene.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66%40%3Cdev.lucene.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51%40%3Cdev.lucene.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6@%3Cissues.lucene.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6%40%3Cissues.lucene.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699@%3Cissues.lucene.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699%40%3Cissues.lucene.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
43
reference_url https://lists.debian.org/debian-lts-announce/2019/10/msg00013.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/10/msg00013.html
44
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00025.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/08/msg00025.html
45
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESOLR-536063
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESOLR-536063
46
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0193
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0193
47
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1736774
reference_id 1736774
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1736774
48
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0193
reference_id CVE-2019-0193
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0193
49
reference_url https://github.com/advisories/GHSA-3gm7-v7vw-866c
reference_id GHSA-3gm7-v7vw-866c
reference_type
scores
url https://github.com/advisories/GHSA-3gm7-v7vw-866c
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@8.2.0
purl pkg:maven/org.apache.solr/solr-core@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2fyt-y5n1-zfbd
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-n5hy-aw33-skh2
4
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@8.2.0
aliases CVE-2019-0193, GHSA-3gm7-v7vw-866c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdk1-r552-kqhh
11
url VCID-x81k-2zr1-b7c3
vulnerability_id VCID-x81k-2zr1-b7c3
summary
Server-Side Request Forgery (SSRF)
The `ReplicationHandler` (normally registered at `/replication` under a Solr core) in Apache Solr has a `masterUrl` (also `leaderUrl` alias) parameter that is used to designate another `ReplicationHandler` on another Solr core to replicate index data into the local core. To prevent an SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the `shards` parameter.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27905.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27905.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27905
reference_id
reference_type
scores
0
value 0.93901
scoring_system epss
scoring_elements 0.99885
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27905
2
reference_url https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r6ccec7fc54d82591b23c143f1f6a6e38f6e03e75db70870e4cb14a1a@%3Ccommits.ofbiz.apache.org%3E
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6ccec7fc54d82591b23c143f1f6a6e38f6e03e75db70870e4cb14a1a@%3Ccommits.ofbiz.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r720a4a0497fc90bad5feec8aa18b777912ee15c7eeb5f882adbf523e@%3Ccommits.ofbiz.apache.org%3E
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r720a4a0497fc90bad5feec8aa18b777912ee15c7eeb5f882adbf523e@%3Ccommits.ofbiz.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r78a3a4f1138a1608b0c6d4a2ee7647848c1a20b0d5c652cd9b02c25a@%3Ccommits.ofbiz.apache.org%3E
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r78a3a4f1138a1608b0c6d4a2ee7647848c1a20b0d5c652cd9b02c25a@%3Ccommits.ofbiz.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r8f1152a43c36d878bbeb5a92f261e9efaf3af313b033d7acfccea59d@%3Cnotifications.ofbiz.apache.org%3E
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8f1152a43c36d878bbeb5a92f261e9efaf3af313b033d7acfccea59d@%3Cnotifications.ofbiz.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rae9ccaecce9859f709ed1458545d90a4c07163070dc98b5e9e59057f@%3Cnotifications.ofbiz.apache.org%3E
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rae9ccaecce9859f709ed1458545d90a4c07163070dc98b5e9e59057f@%3Cnotifications.ofbiz.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rd232d77c57a8ce172359ab098df9512d8b37373ab87c444be911b430@%3Cnotifications.ofbiz.apache.org%3E
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd232d77c57a8ce172359ab098df9512d8b37373ab87c444be911b430@%3Cnotifications.ofbiz.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/re9d64bb8e5dfefddcbf255adb4559e13a0df5b818da1b9b51329723f@%3Cnotifications.ofbiz.apache.org%3E
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re9d64bb8e5dfefddcbf255adb4559e13a0df5b818da1b9b51329723f@%3Cnotifications.ofbiz.apache.org%3E
13
reference_url https://security.netapp.com/advisory/ntap-20210611-0009
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210611-0009
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1949516
reference_id 1949516
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1949516
15
reference_url https://security.archlinux.org/AVG-1808
reference_id AVG-1808
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1808
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27905
reference_id CVE-2021-27905
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27905
17
reference_url https://github.com/advisories/GHSA-5phw-3jrp-3vj8
reference_id GHSA-5phw-3jrp-3vj8
reference_type
scores
url https://github.com/advisories/GHSA-5phw-3jrp-3vj8
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@8.8.2
purl pkg:maven/org.apache.solr/solr-core@8.8.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@8.8.2
aliases CVE-2021-27905, GHSA-5phw-3jrp-3vj8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x81k-2zr1-b7c3
12
url VCID-z6tk-uqhb-wuav
vulnerability_id VCID-z6tk-uqhb-wuav
summary
XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler
This package allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1844.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0029.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0029.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6407.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6407.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6407
reference_id
reference_type
scores
0
value 0.11391
scoring_system epss
scoring_elements 0.93698
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6407
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
8
reference_url http://secunia.com/advisories/55542
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/55542
9
reference_url http://secunia.com/advisories/59372
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59372
10
reference_url https://github.com/apache/lucene-solr
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr
11
reference_url https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d
12
reference_url https://issues.apache.org/jira/browse/SOLR-3895
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-3895
13
reference_url https://issues.apache.org/jira/browse/SOLR-5520
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/SOLR-5520
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6407
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6407
15
reference_url http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
16
reference_url http://www.openwall.com/lists/oss-security/2013/11/29/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/11/29/2
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1035981
reference_id 1035981
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1035981
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
reference_id 731113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
19
reference_url https://bugzilla.redhat.com/CVE-2013-6407
reference_id CVE-2013-6407
reference_type
scores
url https://bugzilla.redhat.com/CVE-2013-6407
20
reference_url https://access.redhat.com/errata/RHSA-2013:1844
reference_id RHSA-2013:1844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1844
21
reference_url https://access.redhat.com/errata/RHSA-2014:0029
reference_id RHSA-2014:0029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0029
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@4.6.0
purl pkg:maven/org.apache.solr/solr-core@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nwy-8r1n-y7cc
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-atn8-a9f2-hqbq
4
vulnerability VCID-de4p-g9a9-1fcd
5
vulnerability VCID-em3u-s65w-ubbz
6
vulnerability VCID-f12z-qhkn-qyhb
7
vulnerability VCID-n5hy-aw33-skh2
8
vulnerability VCID-vdk1-r552-kqhh
9
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@4.6.0
1
url pkg:maven/org.apache.solr/solr-core@5.0.0
purl pkg:maven/org.apache.solr/solr-core@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nwy-8r1n-y7cc
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-atn8-a9f2-hqbq
4
vulnerability VCID-de4p-g9a9-1fcd
5
vulnerability VCID-f12z-qhkn-qyhb
6
vulnerability VCID-g95c-rfw6-kqgs
7
vulnerability VCID-n5hy-aw33-skh2
8
vulnerability VCID-vdk1-r552-kqhh
9
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@5.0.0
aliases CVE-2013-6407, GHSA-998j-j6v9-5846
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tk-uqhb-wuav
Fixing_vulnerabilities
0
url VCID-c331-nd2z-fqdn
vulnerability_id VCID-c331-nd2z-fqdn
summary The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1844.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1844.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0029.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0029.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6612.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6612.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6612
reference_id
reference_type
scores
0
value 0.01357
scoring_system epss
scoring_elements 0.80465
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6612
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
8
reference_url https://github.com/apache/lucene-solr
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr
9
reference_url https://github.com/apache/lucene-solr/commit/0d21b900975b7048d2e925d852aeacb9bdc6766c
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/0d21b900975b7048d2e925d852aeacb9bdc6766c
10
reference_url https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d
11
reference_url https://issues.apache.org/jira/browse/SOLR-3895
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-3895
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6612
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-6612
13
reference_url http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1035981
reference_id 1035981
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1035981
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
reference_id 731113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
16
reference_url https://access.redhat.com/errata/RHSA-2013:1844
reference_id RHSA-2013:1844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1844
17
reference_url https://access.redhat.com/errata/RHSA-2014:0029
reference_id RHSA-2014:0029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0029
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@4.1.0
purl pkg:maven/org.apache.solr/solr-core@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nwy-8r1n-y7cc
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-5w3j-gqqb-qbgf
3
vulnerability VCID-69cb-ed9r-guda
4
vulnerability VCID-atn8-a9f2-hqbq
5
vulnerability VCID-de4p-g9a9-1fcd
6
vulnerability VCID-dvqy-cfd4-ybgn
7
vulnerability VCID-em3u-s65w-ubbz
8
vulnerability VCID-f12z-qhkn-qyhb
9
vulnerability VCID-n5hy-aw33-skh2
10
vulnerability VCID-vdk1-r552-kqhh
11
vulnerability VCID-x81k-2zr1-b7c3
12
vulnerability VCID-z6tk-uqhb-wuav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@4.1.0
aliases CVE-2012-6612, GHSA-6cpj-3g83-q2j4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c331-nd2z-fqdn
1
url VCID-z6tk-uqhb-wuav
vulnerability_id VCID-z6tk-uqhb-wuav
summary
XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler
This package allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1844.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1844.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0029.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0029.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6407.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6407.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6407
reference_id
reference_type
scores
0
value 0.11391
scoring_system epss
scoring_elements 0.93698
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6407
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
8
reference_url http://secunia.com/advisories/55542
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/55542
9
reference_url http://secunia.com/advisories/59372
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59372
10
reference_url https://github.com/apache/lucene-solr
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr
11
reference_url https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d
12
reference_url https://issues.apache.org/jira/browse/SOLR-3895
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-3895
13
reference_url https://issues.apache.org/jira/browse/SOLR-5520
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/SOLR-5520
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6407
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6407
15
reference_url http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
16
reference_url http://www.openwall.com/lists/oss-security/2013/11/29/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/11/29/2
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1035981
reference_id 1035981
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1035981
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
reference_id 731113
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
19
reference_url https://bugzilla.redhat.com/CVE-2013-6407
reference_id CVE-2013-6407
reference_type
scores
url https://bugzilla.redhat.com/CVE-2013-6407
20
reference_url https://access.redhat.com/errata/RHSA-2013:1844
reference_id RHSA-2013:1844
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1844
21
reference_url https://access.redhat.com/errata/RHSA-2014:0029
reference_id RHSA-2014:0029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0029
fixed_packages
0
url pkg:maven/org.apache.solr/solr-core@4.1.0
purl pkg:maven/org.apache.solr/solr-core@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nwy-8r1n-y7cc
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-5w3j-gqqb-qbgf
3
vulnerability VCID-69cb-ed9r-guda
4
vulnerability VCID-atn8-a9f2-hqbq
5
vulnerability VCID-de4p-g9a9-1fcd
6
vulnerability VCID-dvqy-cfd4-ybgn
7
vulnerability VCID-em3u-s65w-ubbz
8
vulnerability VCID-f12z-qhkn-qyhb
9
vulnerability VCID-n5hy-aw33-skh2
10
vulnerability VCID-vdk1-r552-kqhh
11
vulnerability VCID-x81k-2zr1-b7c3
12
vulnerability VCID-z6tk-uqhb-wuav
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@4.1.0
1
url pkg:maven/org.apache.solr/solr-core@4.6.0
purl pkg:maven/org.apache.solr/solr-core@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nwy-8r1n-y7cc
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-atn8-a9f2-hqbq
4
vulnerability VCID-de4p-g9a9-1fcd
5
vulnerability VCID-em3u-s65w-ubbz
6
vulnerability VCID-f12z-qhkn-qyhb
7
vulnerability VCID-n5hy-aw33-skh2
8
vulnerability VCID-vdk1-r552-kqhh
9
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@4.6.0
2
url pkg:maven/org.apache.solr/solr-core@5.0.0
purl pkg:maven/org.apache.solr/solr-core@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nwy-8r1n-y7cc
1
vulnerability VCID-3zcs-eg6f-fubn
2
vulnerability VCID-69cb-ed9r-guda
3
vulnerability VCID-atn8-a9f2-hqbq
4
vulnerability VCID-de4p-g9a9-1fcd
5
vulnerability VCID-f12z-qhkn-qyhb
6
vulnerability VCID-g95c-rfw6-kqgs
7
vulnerability VCID-n5hy-aw33-skh2
8
vulnerability VCID-vdk1-r552-kqhh
9
vulnerability VCID-x81k-2zr1-b7c3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@5.0.0
aliases CVE-2013-6407, GHSA-998j-j6v9-5846
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6tk-uqhb-wuav
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@4.1.0