Package Instance

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6612

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6612.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6612.json

reference_url

reference_id

reference_type

scores

value	0.01357
scoring_system	epss
scoring_elements	0.80159
published_at	2026-04-18T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80129
published_at	2026-04-13T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80137
published_at	2026-04-12T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80152
published_at	2026-04-11T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80082
published_at	2026-04-01T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80089
published_at	2026-04-02T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80134
published_at	2026-04-09T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.8011
published_at	2026-04-04T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80127
published_at	2026-04-08T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80098
published_at	2026-04-07T12:55:00Z

value	0.01357
scoring_system	epss
scoring_elements	0.80162
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6612

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/0d21b900975b7048d2e925d852aeacb9bdc6766c

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/0d21b900975b7048d2e925d852aeacb9bdc6766c

reference_url

https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6612

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6612

reference_url

http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1035981
reference_id	1035981
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1035981

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
reference_id	731113
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113

reference_url

https://github.com/advisories/GHSA-6cpj-3g83-q2j4

reference_id

GHSA-6cpj-3g83-q2j4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6cpj-3g83-q2j4

reference_url	https://access.redhat.com/errata/RHSA-2013:1844
reference_id	RHSA-2013:1844
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1844

reference_url	https://access.redhat.com/errata/RHSA-2014:0029
reference_id	RHSA-2014:0029
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0029

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-2%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2012-6612, GHSA-6cpj-3g83-q2j4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3f1v-ypty-mygx

url VCID-3gq7-8e2z-yqcv

vulnerability_id VCID-3gq7-8e2z-yqcv

summary

Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components.  Only deployments that meet all of the following criteria are impacted by this vulnerability:

  *  Use of Solr's "RuleBasedAuthorizationPlugin"
  *  A RuleBasedAuthorizationPlugin config (see security.json) that specifies multiple "roles"
  *  A RuleBasedAuthorizationPlugin permission list (see security.json) that uses one or more of the following pre-defined permission rules: "config-read", "config-edit", "schema-read", "metrics-read", or "security-read".
  *  A RuleBasedAuthorizationPlugin permission list that doesn't define the "all" pre-defined permission
  *  A networking setup that allows clients to make unfiltered network requests to Solr. (i.e. user-submitted HTTP/HTTPS requests reach Solr as-is, unmodified or restricted by any intervening proxy or gateway)

Users can mitigate this vulnerability by ensuring that their RuleBasedAuthorizationPlugin configuration specifies the "all" pre-defined permission and associates the permission with an "admin" or other privileged role.  Users can also upgrade to a Solr version outside of the impacted range, such as the recently released Solr 9.10.1.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22022.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22022.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22022

reference_id

reference_type

scores

value	0.00186
scoring_system	epss
scoring_elements	0.4031
published_at	2026-04-21T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40385
published_at	2026-04-18T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40416
published_at	2026-04-16T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40369
published_at	2026-04-13T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40388
published_at	2026-04-12T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40426
published_at	2026-04-11T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40406
published_at	2026-04-09T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40394
published_at	2026-04-08T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40343
published_at	2026-04-07T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40419
published_at	2026-04-04T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40393
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22022

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/c135e6335c7158fa26e96b0dc386f825255b47c0

reference_url

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/c135e6335c7158fa26e96b0dc386f825255b47c0

reference_url

https://issues.apache.org/jira/browse/SOLR-18054

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-18054

reference_url

https://lists.apache.org/thread/d59hqbgo7p62myq7mgfpz7or8n1j7wbn

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:34:12Z/

url

https://lists.apache.org/thread/d59hqbgo7p62myq7mgfpz7or8n1j7wbn

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-22022

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-22022

reference_url

http://www.openwall.com/lists/oss-security/2026/01/20/4

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/01/20/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431603
reference_id	2431603
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431603

reference_url

https://github.com/advisories/GHSA-qr3p-2xj2-q7hq

reference_id

GHSA-qr3p-2xj2-q7hq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qr3p-2xj2-q7hq

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2026-22022, GHSA-qr3p-2xj2-q7hq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gq7-8e2z-yqcv

url VCID-3vmh-e7x6-3kf6

vulnerability_id VCID-3vmh-e7x6-3kf6

summary

Incorrect Authorization in Apache Solr
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29943.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29943.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-29943

reference_id

reference_type

scores

value	0.07673
scoring_system	epss
scoring_elements	0.91915
published_at	2026-04-21T12:55:00Z

value	0.07673
scoring_system	epss
scoring_elements	0.91918
published_at	2026-04-18T12:55:00Z

value	0.07673
scoring_system	epss
scoring_elements	0.91922
published_at	2026-04-16T12:55:00Z

value	0.07673
scoring_system	epss
scoring_elements	0.91907
published_at	2026-04-12T12:55:00Z

value	0.07673
scoring_system	epss
scoring_elements	0.91903
published_at	2026-04-13T12:55:00Z

value	0.07673
scoring_system	epss
scoring_elements	0.91863
published_at	2026-04-01T12:55:00Z

value	0.07673
scoring_system	epss
scoring_elements	0.91898
published_at	2026-04-08T12:55:00Z

value	0.07673
scoring_system	epss
scoring_elements	0.91885
published_at	2026-04-07T12:55:00Z

value	0.07673
scoring_system	epss
scoring_elements	0.91878
published_at	2026-04-04T12:55:00Z

value	0.07673
scoring_system	epss
scoring_elements	0.91871
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-29943

reference_url

https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-29943

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-29943

reference_url

https://security.netapp.com/advisory/ntap-20210604-0009

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210604-0009

reference_url	https://security.netapp.com/advisory/ntap-20210604-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210604-0009/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1949521
reference_id	1949521
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1949521

reference_url

reference_id

AVG-1808

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-vf7p-j8x6-xvwp

reference_url

reference_id

GHSA-vf7p-j8x6-xvwp

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vf7p-j8x6-xvwp

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2021-29943, GHSA-vf7p-j8x6-xvwp

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vmh-e7x6-3kf6

url VCID-418m-x1un-gufd

vulnerability_id VCID-418m-x1un-gufd

summary

Apache Solr: Insufficient file-access checking in standalone core-creation requests
The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's  "allowPaths" security setting https://https://solr.apache.org/guide/solr/latest/configuration-guide/configuring-solr-xml.html#the-solr-element .  These read-only accesses can allow users to create cores using unexpected configsets if any are accessible via the filesystem.  On Windows systems configured to allow UNC paths this can additionally cause disclosure of NTLM "user" hashes. 

Solr deployments are subject to this vulnerability if they meet the following criteria:
  *  Solr is running in its "standalone" mode.
  *  Solr's "allowPath" setting is being used to restrict file access to certain directories.
  *  Solr's "create core" API is exposed and accessible to untrusted users.  This can happen if Solr's  RuleBasedAuthorizationPlugin https://solr.apache.org/guide/solr/latest/deployment-guide/rule-based-authorization-plugin.html  is disabled, or if it is enabled but the "core-admin-edit" predefined permission (or an equivalent custom permission) is given to low-trust (i.e. non-admin) user roles.

Users can mitigate this by enabling Solr's RuleBasedAuthorizationPlugin (if disabled) and configuring a permission-list that prevents untrusted users from creating new Solr cores.  Users should also upgrade to Apache Solr 9.10.1 or greater, which contain fixes for this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22444.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22444.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22444

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.08778
published_at	2026-04-21T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08718
published_at	2026-04-02T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08766
published_at	2026-04-04T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08692
published_at	2026-04-07T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08767
published_at	2026-04-08T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08794
published_at	2026-04-09T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08795
published_at	2026-04-11T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08763
published_at	2026-04-12T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08748
published_at	2026-04-13T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08636
published_at	2026-04-16T12:55:00Z

value	0.00031
scoring_system	epss
scoring_elements	0.08625
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22444

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-18058

reference_url

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-18058

reference_url

https://lists.apache.org/thread/qkrb9dd4xrlqmmq73lrhkbfkttto2d1m

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T15:38:26Z/

url

https://lists.apache.org/thread/qkrb9dd4xrlqmmq73lrhkbfkttto2d1m

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-22444

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-22444

reference_url

http://www.openwall.com/lists/oss-security/2026/01/20/5

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/01/20/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2431604
reference_id	2431604
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2431604

reference_url

https://github.com/advisories/GHSA-vc2w-4v3p-2mqw

reference_id

GHSA-vc2w-4v3p-2mqw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vc2w-4v3p-2mqw

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2026-22444, GHSA-vc2w-4v3p-2mqw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-418m-x1un-gufd

url VCID-49bu-dy1u-2fb9

vulnerability_id VCID-49bu-dy1u-2fb9

summary

Improper Neutralization of Input During Web Page Generation in Apache Solr
Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object.

references

reference_url	http://mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804%40apache.org%3E
reference_id
reference_type
scores
url	http://mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804%40apache.org%3E

reference_url

http://mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804@apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://mail-archives.us.apache.org/mod_mbox/www-announce/201412.mbox/%3C54A1A7C7.2070804@apache.org%3E

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3628.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3628.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3628

reference_id

reference_type

scores

value	0.01382
scoring_system	epss
scoring_elements	0.80247
published_at	2026-04-01T12:55:00Z

value	0.01382
scoring_system	epss
scoring_elements	0.80335
published_at	2026-04-21T12:55:00Z

value	0.01382
scoring_system	epss
scoring_elements	0.80298
published_at	2026-04-13T12:55:00Z

value	0.01382
scoring_system	epss
scoring_elements	0.80328
published_at	2026-04-16T12:55:00Z

value	0.01382
scoring_system	epss
scoring_elements	0.8033
published_at	2026-04-18T12:55:00Z

value	0.01382
scoring_system	epss
scoring_elements	0.80254
published_at	2026-04-02T12:55:00Z

value	0.01382
scoring_system	epss
scoring_elements	0.80274
published_at	2026-04-04T12:55:00Z

value	0.01382
scoring_system	epss
scoring_elements	0.80262
published_at	2026-04-07T12:55:00Z

value	0.01382
scoring_system	epss
scoring_elements	0.8029
published_at	2026-04-08T12:55:00Z

value	0.01382
scoring_system	epss
scoring_elements	0.803
published_at	2026-04-09T12:55:00Z

value	0.01382
scoring_system	epss
scoring_elements	0.80319
published_at	2026-04-11T12:55:00Z

value	0.01382
scoring_system	epss
scoring_elements	0.80304
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3628

reference_url	http://secunia.com/advisories/62024
reference_id
reference_type
scores
url	http://secunia.com/advisories/62024

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3628

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3628

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1179795
reference_id	1179795
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1179795

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.0.0:::::::*
reference_id	cpe:2.3:a:apache:solr:4.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.0.0:alpha::::::
reference_id	cpe:2.3:a:apache:solr:4.0.0:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.0.0:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.0.0:beta::::::
reference_id	cpe:2.3:a:apache:solr:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.1.0:::::::*
reference_id	cpe:2.3:a:apache:solr:4.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.10.0:::::::*
reference_id	cpe:2.3:a:apache:solr:4.10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.10.1:::::::*
reference_id	cpe:2.3:a:apache:solr:4.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.10.2:::::::*
reference_id	cpe:2.3:a:apache:solr:4.10.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.10.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.2.0:::::::*
reference_id	cpe:2.3:a:apache:solr:4.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.2.1:::::::*
reference_id	cpe:2.3:a:apache:solr:4.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.3.0:::::::*
reference_id	cpe:2.3:a:apache:solr:4.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.3.1:::::::*
reference_id	cpe:2.3:a:apache:solr:4.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.4.0:::::::*
reference_id	cpe:2.3:a:apache:solr:4.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.5.0:::::::*
reference_id	cpe:2.3:a:apache:solr:4.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.5.1:::::::*
reference_id	cpe:2.3:a:apache:solr:4.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.6.0:::::::*
reference_id	cpe:2.3:a:apache:solr:4.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.6.1:::::::*
reference_id	cpe:2.3:a:apache:solr:4.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.7.0:::::::*
reference_id	cpe:2.3:a:apache:solr:4.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.7.1:::::::*
reference_id	cpe:2.3:a:apache:solr:4.7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.7.2:::::::*
reference_id	cpe:2.3:a:apache:solr:4.7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.8.0:::::::*
reference_id	cpe:2.3:a:apache:solr:4.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.8.1:::::::*
reference_id	cpe:2.3:a:apache:solr:4.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.9.0:::::::*
reference_id	cpe:2.3:a:apache:solr:4.9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.9.1:::::::*
reference_id	cpe:2.3:a:apache:solr:4.9.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:4.9.1:::::::*

reference_url

https://github.com/advisories/GHSA-wgw2-gw4v-9w4j

reference_id

GHSA-wgw2-gw4v-9w4j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wgw2-gw4v-9w4j

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2014-3628, GHSA-wgw2-gw4v-9w4j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-49bu-dy1u-2fb9

url VCID-4dgs-1mk2-5ubr

vulnerability_id VCID-4dgs-1mk2-5ubr

summary

Improper Input Validation
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13941.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13941.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13941

reference_id

reference_type

scores

value	0.02798
scoring_system	epss
scoring_elements	0.86123
published_at	2026-04-21T12:55:00Z

value	0.02798
scoring_system	epss
scoring_elements	0.86129
published_at	2026-04-18T12:55:00Z

value	0.02798
scoring_system	epss
scoring_elements	0.86124
published_at	2026-04-16T12:55:00Z

value	0.02798
scoring_system	epss
scoring_elements	0.86107
published_at	2026-04-13T12:55:00Z

value	0.02798
scoring_system	epss
scoring_elements	0.86112
published_at	2026-04-12T12:55:00Z

value	0.02798
scoring_system	epss
scoring_elements	0.86114
published_at	2026-04-11T12:55:00Z

value	0.02798
scoring_system	epss
scoring_elements	0.861
published_at	2026-04-09T12:55:00Z

value	0.02798
scoring_system	epss
scoring_elements	0.86089
published_at	2026-04-08T12:55:00Z

value	0.02798
scoring_system	epss
scoring_elements	0.8607
published_at	2026-04-07T12:55:00Z

value	0.02798
scoring_system	epss
scoring_elements	0.86043
published_at	2026-04-01T12:55:00Z

value	0.02798
scoring_system	epss
scoring_elements	0.86054
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13941

reference_url

https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rbcd9dff009ed19ffcc2b09784595fc1098fc802a5472f81795f893be@%3Ccommits.lucene.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rbcd9dff009ed19ffcc2b09784595fc1098fc802a5472f81795f893be@%3Ccommits.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf54e7912b7d2b72c63ec54a7afa4adcbf16268dcc63253767dd67d60%40%3Cgeneral.lucene.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf54e7912b7d2b72c63ec54a7afa4adcbf16268dcc63253767dd67d60%40%3Cgeneral.lucene.apache.org%3E

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1869167
reference_id	1869167
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1869167

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13941

reference_id

CVE-2020-13941

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13941

reference_url

https://github.com/advisories/GHSA-2467-h365-j7hm

reference_id

GHSA-2467-h365-j7hm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2467-h365-j7hm

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-23%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2020-13941, GHSA-2467-h365-j7hm

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4dgs-1mk2-5ubr

url VCID-5esr-zs91-zbb5

vulnerability_id VCID-5esr-zs91-zbb5

summary

Improper Neutralization of Input During Web Page Generation in Apache Solr
Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8795

reference_id

reference_type

scores

value	0.02559
scoring_system	epss
scoring_elements	0.85536
published_at	2026-04-21T12:55:00Z

value	0.02559
scoring_system	epss
scoring_elements	0.85494
published_at	2026-04-08T12:55:00Z

value	0.02559
scoring_system	epss
scoring_elements	0.85502
published_at	2026-04-09T12:55:00Z

value	0.02559
scoring_system	epss
scoring_elements	0.85517
published_at	2026-04-11T12:55:00Z

value	0.02559
scoring_system	epss
scoring_elements	0.85515
published_at	2026-04-12T12:55:00Z

value	0.02559
scoring_system	epss
scoring_elements	0.85511
published_at	2026-04-13T12:55:00Z

value	0.02559
scoring_system	epss
scoring_elements	0.85535
published_at	2026-04-16T12:55:00Z

value	0.02559
scoring_system	epss
scoring_elements	0.8554
published_at	2026-04-18T12:55:00Z

value	0.02559
scoring_system	epss
scoring_elements	0.85438
published_at	2026-04-01T12:55:00Z

value	0.02559
scoring_system	epss
scoring_elements	0.8545
published_at	2026-04-02T12:55:00Z

value	0.02559
scoring_system	epss
scoring_elements	0.8547
published_at	2026-04-04T12:55:00Z

value	0.02559
scoring_system	epss
scoring_elements	0.85473
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8795

reference_url

https://issues.apache.org/jira/browse/SOLR-7346

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-7346

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8795

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8795

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::
reference_id	cpe:2.3:a:apache:solr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::

reference_url

https://github.com/advisories/GHSA-mx2h-hf7j-2x3p

reference_id

GHSA-mx2h-hf7j-2x3p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mx2h-hf7j-2x3p

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2015-8795, GHSA-mx2h-hf7j-2x3p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5esr-zs91-zbb5

url VCID-5tq3-rye7-nygg

vulnerability_id VCID-5tq3-rye7-nygg

summary The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6407

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6407.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6407.json

reference_url

reference_id

reference_type

scores

value	0.11391
scoring_system	epss
scoring_elements	0.9359
published_at	2026-04-21T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93534
published_at	2026-04-02T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93542
published_at	2026-04-04T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93543
published_at	2026-04-07T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93552
published_at	2026-04-08T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93555
published_at	2026-04-09T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93561
published_at	2026-04-13T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.9356
published_at	2026-04-12T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.9358
published_at	2026-04-16T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93585
published_at	2026-04-18T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93526
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408

reference_url

http://secunia.com/advisories/55542

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/55542

reference_url

http://secunia.com/advisories/59372

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/59372

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6407

reference_url	https://issues.apache.org/jira/browse/SOLR-5520
reference_id
reference_type
scores
url	https://issues.apache.org/jira/browse/SOLR-5520

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6407

reference_url

http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup

reference_url

http://www.openwall.com/lists/oss-security/2013/11/29/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/11/29/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1035981
reference_id	1035981
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1035981

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
reference_id	731113
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113

reference_url	https://bugzilla.redhat.com/CVE-2013-6407
reference_id	CVE-2013-6407
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2013-6407

reference_url

https://github.com/advisories/GHSA-998j-j6v9-5846

reference_id

GHSA-998j-j6v9-5846

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-998j-j6v9-5846

reference_url	https://access.redhat.com/errata/RHSA-2013:1844
reference_id	RHSA-2013:1844
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1844

reference_url	https://access.redhat.com/errata/RHSA-2014:0029
reference_id	RHSA-2014:0029
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0029

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-2%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2013-6407, GHSA-998j-j6v9-5846

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5tq3-rye7-nygg

url VCID-835p-mav1-1qem

vulnerability_id VCID-835p-mav1-1qem

summary

Incorrect Authorization in Apache Solr
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. This issue is patched in 8.6.3.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13957.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13957.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13957

reference_id

reference_type

scores

value	0.84821
scoring_system	epss
scoring_elements	0.99347
published_at	2026-04-18T12:55:00Z

value	0.84821
scoring_system	epss
scoring_elements	0.99346
published_at	2026-04-21T12:55:00Z

value	0.84821
scoring_system	epss
scoring_elements	0.99339
published_at	2026-04-07T12:55:00Z

value	0.84821
scoring_system	epss
scoring_elements	0.99338
published_at	2026-04-04T12:55:00Z

value	0.84821
scoring_system	epss
scoring_elements	0.99336
published_at	2026-04-02T12:55:00Z

value	0.84821
scoring_system	epss
scoring_elements	0.99344
published_at	2026-04-13T12:55:00Z

value	0.84821
scoring_system	epss
scoring_elements	0.99342
published_at	2026-04-11T12:55:00Z

value	0.84821
scoring_system	epss
scoring_elements	0.99341
published_at	2026-04-09T12:55:00Z

value	0.84821
scoring_system	epss
scoring_elements	0.9934
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13957

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/e001c2221812a0ba9e9378855040ce72f93eced4

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/e001c2221812a0ba9e9378855040ce72f93eced4

reference_url

https://lists.apache.org/thread.html/r13a728994c60be5b5a7049282b5c926dac1fc6a9a0b2362f6adfa573@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r13a728994c60be5b5a7049282b5c926dac1fc6a9a0b2362f6adfa573@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1c783d3d81ba62f3381a17a4d6c826f7dead3a132ba42349c90df075@%3Ccommits.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1c783d3d81ba62f3381a17a4d6c826f7dead3a132ba42349c90df075@%3Ccommits.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2236fdf99ac3efbfc36c2df96d3a88f822baa6f45e13fec7ff558e34@%3Cdev.bigtop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2236fdf99ac3efbfc36c2df96d3a88f822baa6f45e13fec7ff558e34@%3Cdev.bigtop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r226c1112bb41e7cd427862d875eff9877a20a40242c2542f4dd39e4a@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r226c1112bb41e7cd427862d875eff9877a20a40242c2542f4dd39e4a@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2a6600fe9afd502c04d26fd112823ec3f3c3ad1b4a289d10567a78a0@%3Cdev.bigtop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2a6600fe9afd502c04d26fd112823ec3f3c3ad1b4a289d10567a78a0@%3Cdev.bigtop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2f8d33a4de07db9459fb2a98a1cd39747066137636b53f84a13e5628@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2f8d33a4de07db9459fb2a98a1cd39747066137636b53f84a13e5628@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3d1e24a73e6bffa1d6534e1f34c8f5cbd9999495e7d933640f4fa0ed@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3d1e24a73e6bffa1d6534e1f34c8f5cbd9999495e7d933640f4fa0ed@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3da9895cea476bcee2557531bebd4e8f6f367dc3ea900a65e2f51cd8@%3Cissues.bigtop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3da9895cea476bcee2557531bebd4e8f6f367dc3ea900a65e2f51cd8@%3Cissues.bigtop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4ca8ba5980d9049cf3707798aa3116ee76c1582f171ff452ad2ca75e@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4ca8ba5980d9049cf3707798aa3116ee76c1582f171ff452ad2ca75e@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5557641fcf5cfd99260a7037cfbc8788fb546b72c98a900570edaa2e@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5557641fcf5cfd99260a7037cfbc8788fb546b72c98a900570edaa2e@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r622a043c2890327f8a4aea16b131e8a7137a282a004614369fceb224@%3Cdev.bigtop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r622a043c2890327f8a4aea16b131e8a7137a282a004614369fceb224@%3Cdev.bigtop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7512ae552cd9d14ab8b1bc0a7e95f2ec52ae85364f068d4034398ede@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7512ae552cd9d14ab8b1bc0a7e95f2ec52ae85364f068d4034398ede@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r853fdc6d0b91d5e01a26c7bd5becb044ad775a231703d634ca5d55c9@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r853fdc6d0b91d5e01a26c7bd5becb044ad775a231703d634ca5d55c9@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8b1782d42d0a4ce573495d5d9345ad328d652c68c411ccdb245c57e3@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8b1782d42d0a4ce573495d5d9345ad328d652c68c411ccdb245c57e3@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r999f828e6e37d9e825e207471cbfd2681c3befcd7f3abd59ed87c0d5@%3Cissues.bigtop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r999f828e6e37d9e825e207471cbfd2681c3befcd7f3abd59ed87c0d5@%3Cissues.bigtop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9d7356f209ee30d702b6a921c866564eb2e291b126640c7ab70feea7@%3Ccommits.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9d7356f209ee30d702b6a921c866564eb2e291b126640c7ab70feea7@%3Ccommits.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb1de6ba50a468e9baff32a249edaa08f6bcec7dd7cc208e25e6b48c8@%3Cissues.bigtop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb1de6ba50a468e9baff32a249edaa08f6bcec7dd7cc208e25e6b48c8@%3Cissues.bigtop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb2f1c7fd3d3ea719dfac4706a80e6affddecae8663dda04e1335347f@%3Ccommits.bigtop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb2f1c7fd3d3ea719dfac4706a80e6affddecae8663dda04e1335347f@%3Ccommits.bigtop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1a32f00017e83ff29a74be2de02e28e4302dddb5f14c624e297a8c0@%3Cdev.bigtop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1a32f00017e83ff29a74be2de02e28e4302dddb5f14c624e297a8c0@%3Cdev.bigtop.apache.org%3E

reference_url

https://mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/%3CCAECwjAWCVLoVaZy%3DTNRQ6Wk9KWVxdPRiGS8NT%2BPHMJCxbbsEVg%40mail.gmail.com%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/%3CCAECwjAWCVLoVaZy%3DTNRQ6Wk9KWVxdPRiGS8NT%2BPHMJCxbbsEVg%40mail.gmail.com%3E

reference_url

https://security.netapp.com/advisory/ntap-20201023-0002

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20201023-0002

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1890514
reference_id	1890514
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1890514

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13957

reference_id

CVE-2020-13957

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13957

reference_url

https://github.com/advisories/GHSA-3c7p-vv5r-cmr5

reference_id

GHSA-3c7p-vv5r-cmr5

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3c7p-vv5r-cmr5

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2020-13957, GHSA-3c7p-vv5r-cmr5

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-835p-mav1-1qem

url VCID-9dma-s4ye-3ued

vulnerability_id VCID-9dma-s4ye-3ued

summary

Insecure Default Initialization of Resource vulnerability in Apache Solr
New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata.
ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request.
"trusted" ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized.

This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization.

Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45217

reference_id

reference_type

scores

value	0.00143
scoring_system	epss
scoring_elements	0.34613
published_at	2026-04-02T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34504
published_at	2026-04-21T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34551
published_at	2026-04-08T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34509
published_at	2026-04-07T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.3464
published_at	2026-04-04T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34556
published_at	2026-04-16T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34518
published_at	2026-04-13T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34542
published_at	2026-04-18T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34581
published_at	2026-04-11T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.3458
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45217

reference_url

https://issues.apache.org/jira/browse/SOLR-17418

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-17418

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45217

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45217

reference_url

https://solr.apache.org/security.html#cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-16T14:59:42Z/

url

https://solr.apache.org/security.html#cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly

reference_url

http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/webapp

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/webapp

reference_url

http://www.openwall.com/lists/oss-security/2024/10/15/9

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/10/15/9

reference_url

https://github.com/advisories/GHSA-h7w9-c5vx-x7j3

reference_id

GHSA-h7w9-c5vx-x7j3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h7w9-c5vx-x7j3

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2024-45217, GHSA-h7w9-c5vx-x7j3

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dma-s4ye-3ued

url VCID-a4yf-9j54-e3cp

vulnerability_id VCID-a4yf-9j54-e3cp

summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr This issue only affects Windows.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44548

reference_id

reference_type

scores

value	0.0666
scoring_system	epss
scoring_elements	0.91242
published_at	2026-04-21T12:55:00Z

value	0.0666
scoring_system	epss
scoring_elements	0.91172
published_at	2026-04-02T12:55:00Z

value	0.0666
scoring_system	epss
scoring_elements	0.9118
published_at	2026-04-04T12:55:00Z

value	0.0666
scoring_system	epss
scoring_elements	0.91187
published_at	2026-04-07T12:55:00Z

value	0.0666
scoring_system	epss
scoring_elements	0.91201
published_at	2026-04-08T12:55:00Z

value	0.0666
scoring_system	epss
scoring_elements	0.91207
published_at	2026-04-09T12:55:00Z

value	0.0666
scoring_system	epss
scoring_elements	0.91214
published_at	2026-04-11T12:55:00Z

value	0.0666
scoring_system	epss
scoring_elements	0.91217
published_at	2026-04-13T12:55:00Z

value	0.0666
scoring_system	epss
scoring_elements	0.91241
published_at	2026-04-16T12:55:00Z

value	0.0666
scoring_system	epss
scoring_elements	0.9124
published_at	2026-04-18T12:55:00Z

value	0.0666
scoring_system	epss
scoring_elements	0.91166
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44548

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220114-0005

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220114-0005

reference_url	https://security.netapp.com/advisory/ntap-20220114-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220114-0005/

reference_url

https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-44548

reference_id

CVE-2021-44548

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-44548

reference_url

https://github.com/advisories/GHSA-pccr-q7v9-5f27

reference_id

GHSA-pccr-q7v9-5f27

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pccr-q7v9-5f27

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2021-44548, GHSA-pccr-q7v9-5f27

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a4yf-9j54-e3cp

url VCID-ftx3-494m-hbee

vulnerability_id VCID-ftx3-494m-hbee

summary

Server-Side Request Forgery in Apache Solr
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27905.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27905.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-27905

reference_id

reference_type

scores

value	0.93901
scoring_system	epss
scoring_elements	0.99877
published_at	2026-04-18T12:55:00Z

value	0.93901
scoring_system	epss
scoring_elements	0.99873
published_at	2026-04-01T12:55:00Z

value	0.93901
scoring_system	epss
scoring_elements	0.99876
published_at	2026-04-21T12:55:00Z

value	0.93901
scoring_system	epss
scoring_elements	0.99875
published_at	2026-04-07T12:55:00Z

value	0.93901
scoring_system	epss
scoring_elements	0.99874
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-27905

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27905

reference_url

https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6ccec7fc54d82591b23c143f1f6a6e38f6e03e75db70870e4cb14a1a@%3Ccommits.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6ccec7fc54d82591b23c143f1f6a6e38f6e03e75db70870e4cb14a1a@%3Ccommits.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r720a4a0497fc90bad5feec8aa18b777912ee15c7eeb5f882adbf523e@%3Ccommits.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r720a4a0497fc90bad5feec8aa18b777912ee15c7eeb5f882adbf523e@%3Ccommits.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r78a3a4f1138a1608b0c6d4a2ee7647848c1a20b0d5c652cd9b02c25a@%3Ccommits.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r78a3a4f1138a1608b0c6d4a2ee7647848c1a20b0d5c652cd9b02c25a@%3Ccommits.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8f1152a43c36d878bbeb5a92f261e9efaf3af313b033d7acfccea59d@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8f1152a43c36d878bbeb5a92f261e9efaf3af313b033d7acfccea59d@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rae9ccaecce9859f709ed1458545d90a4c07163070dc98b5e9e59057f@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rae9ccaecce9859f709ed1458545d90a4c07163070dc98b5e9e59057f@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd232d77c57a8ce172359ab098df9512d8b37373ab87c444be911b430@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd232d77c57a8ce172359ab098df9512d8b37373ab87c444be911b430@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re9d64bb8e5dfefddcbf255adb4559e13a0df5b818da1b9b51329723f@%3Cnotifications.ofbiz.apache.org%3E

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re9d64bb8e5dfefddcbf255adb4559e13a0df5b818da1b9b51329723f@%3Cnotifications.ofbiz.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-27905

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-27905

reference_url

https://security.netapp.com/advisory/ntap-20210611-0009

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210611-0009

reference_url	https://security.netapp.com/advisory/ntap-20210611-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210611-0009/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1949516
reference_id	1949516
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1949516

reference_url

reference_id

AVG-1808

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-5phw-3jrp-3vj8

reference_url

reference_id

GHSA-5phw-3jrp-3vj8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5phw-3jrp-3vj8

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-23%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2021-27905, GHSA-5phw-3jrp-3vj8

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ftx3-494m-hbee

url VCID-gfmc-r1h7-dfhs

vulnerability_id VCID-gfmc-r1h7-dfhs

summary This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases both of which address the vulnerability. Once upgrade is complete, no other steps are required. Those releases only allow external entities and Xincludes that refer to local files / zookeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind, that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8010.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8010.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8010

reference_id

reference_type

scores

value	0.01708
scoring_system	epss
scoring_elements	0.82359
published_at	2026-04-21T12:55:00Z

value	0.01708
scoring_system	epss
scoring_elements	0.82357
published_at	2026-04-18T12:55:00Z

value	0.01708
scoring_system	epss
scoring_elements	0.8228
published_at	2026-04-07T12:55:00Z

value	0.01708
scoring_system	epss
scoring_elements	0.82356
published_at	2026-04-16T12:55:00Z

value	0.01708
scoring_system	epss
scoring_elements	0.82322
published_at	2026-04-13T12:55:00Z

value	0.01708
scoring_system	epss
scoring_elements	0.82328
published_at	2026-04-12T12:55:00Z

value	0.01708
scoring_system	epss
scoring_elements	0.82334
published_at	2026-04-11T12:55:00Z

value	0.01708
scoring_system	epss
scoring_elements	0.82253
published_at	2026-04-01T12:55:00Z

value	0.01708
scoring_system	epss
scoring_elements	0.82314
published_at	2026-04-09T12:55:00Z

value	0.01708
scoring_system	epss
scoring_elements	0.82307
published_at	2026-04-08T12:55:00Z

value	0.01708
scoring_system	epss
scoring_elements	0.82266
published_at	2026-04-02T12:55:00Z

value	0.01708
scoring_system	epss
scoring_elements	0.82285
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8010

reference_url

https://github.com/advisories/GHSA-rc9v-h28f-jcmf

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rc9v-h28f-jcmf

reference_url	https://github.com/apache/lucene-solr/commit/1b760114216fcdfae138a8b37f183a9293c4911
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/1b760114216fcdfae138a8b37f183a9293c4911

reference_url

https://github.com/apache/lucene-solr/commit/4ba409e0ff3dc38aad88f7b7ad69a76325272b8

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/4ba409e0ff3dc38aad88f7b7ad69a76325272b8

reference_url

https://github.com/apache/lucene-solr/commit/6c4e45e28494d4d4d04fb89852d18c86fa3d5f8

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/6c4e45e28494d4d4d04fb89852d18c86fa3d5f8

reference_url

https://github.com/apache/lucene-solr/commit/6d082d5743dee7e08a86b3f2ef03bc025112512

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/6d082d5743dee7e08a86b3f2ef03bc025112512

reference_url

https://github.com/apache/lucene-solr/commit/96f079b4b47eaadff65c7aaf0e5bafe68e30ec3

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/96f079b4b47eaadff65c7aaf0e5bafe68e30ec3

reference_url

https://issues.apache.org/jira/browse/SOLR-12316

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-12316

reference_url

https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E

reference_url

https://mail-archives.apache.org/mod_mbox/www-announce/201805.mbox/%3C08a801d3f0f9%24df46d300%249dd47900%24%40apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://mail-archives.apache.org/mod_mbox/www-announce/201805.mbox/%3C08a801d3f0f9%24df46d300%249dd47900%24%40apache.org%3E

reference_url

http://www.securityfocus.com/bid/104239

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/104239

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1581037
reference_id	1581037
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1581037

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::
reference_id	cpe:2.3:a:apache:solr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-8010

reference_id

CVE-2018-8010

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:N/A:N

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-8010

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2018-8010, GHSA-rc9v-h28f-jcmf

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfmc-r1h7-dfhs

url VCID-h9gm-dpgv-2yeh

vulnerability_id VCID-h9gm-dpgv-2yeh

summary This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1308.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1308.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1308

reference_id

reference_type

scores

value	0.05778
scoring_system	epss
scoring_elements	0.905
published_at	2026-04-21T12:55:00Z

value	0.05778
scoring_system	epss
scoring_elements	0.90501
published_at	2026-04-18T12:55:00Z

value	0.05778
scoring_system	epss
scoring_elements	0.90447
published_at	2026-04-02T12:55:00Z

value	0.05778
scoring_system	epss
scoring_elements	0.90484
published_at	2026-04-13T12:55:00Z

value	0.05778
scoring_system	epss
scoring_elements	0.9049
published_at	2026-04-12T12:55:00Z

value	0.05778
scoring_system	epss
scoring_elements	0.90483
published_at	2026-04-09T12:55:00Z

value	0.05778
scoring_system	epss
scoring_elements	0.90477
published_at	2026-04-08T12:55:00Z

value	0.05778
scoring_system	epss
scoring_elements	0.90465
published_at	2026-04-07T12:55:00Z

value	0.05778
scoring_system	epss
scoring_elements	0.90459
published_at	2026-04-04T12:55:00Z

value	0.05778
scoring_system	epss
scoring_elements	0.90443
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1308

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1308
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1308

reference_url

https://github.com/advisories/GHSA-3pph-2595-cgfh

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-3pph-2595-cgfh

reference_url	https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f

reference_url

https://github.com/apache/lucene-solr/commit/3530397f1777332872eac2760f9aa0e2ae1d7450

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/3530397f1777332872eac2760f9aa0e2ae1d7450

reference_url

https://github.com/apache/lucene-solr/commit/739a7933

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/739a7933

reference_url	https://github.com/apache/lucene-solr/commit/739a79338856599084617d44b6a1b424af059aa
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/739a79338856599084617d44b6a1b424af059aa

reference_url	https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee6
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee6

reference_url

https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee63

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee63

reference_url

https://issues.apache.org/jira/browse/SOLR-11971

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-11971

reference_url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html

reference_url

https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1308

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1308

reference_url

https://www.debian.org/security/2018/dsa-4194

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4194

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1564959
reference_id	1564959
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1564959

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896604
reference_id	896604
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896604

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-12?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-12?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-12%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2018-1308, GHSA-3pph-2595-cgfh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h9gm-dpgv-2yeh

url VCID-hpys-9ncu-3bgv

vulnerability_id VCID-hpys-9ncu-3bgv

summary

Apache Solr: Backup/Restore APIs allow for  deployment of executables in malicious ConfigSets
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.

In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.
When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups).
If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted.

When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries.
Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.
In these versions, the following protections have been added:

  *  Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.
  *  The Backup API restricts saving backups to directories that are used in the ClassLoader.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50386.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50386.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50386

reference_id

reference_type

scores

value	0.84724
scoring_system	epss
scoring_elements	0.99343
published_at	2026-04-21T12:55:00Z

value	0.84724
scoring_system	epss
scoring_elements	0.99335
published_at	2026-04-04T12:55:00Z

value	0.84724
scoring_system	epss
scoring_elements	0.9934
published_at	2026-04-13T12:55:00Z

value	0.84724
scoring_system	epss
scoring_elements	0.99339
published_at	2026-04-11T12:55:00Z

value	0.84724
scoring_system	epss
scoring_elements	0.99338
published_at	2026-04-09T12:55:00Z

value	0.84724
scoring_system	epss
scoring_elements	0.99337
published_at	2026-04-08T12:55:00Z

value	0.84724
scoring_system	epss
scoring_elements	0.99333
published_at	2026-04-02T12:55:00Z

value	0.84724
scoring_system	epss
scoring_elements	0.99336
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50386

reference_url

https://github.com/apache/lucene-solr/commit/6c8f24eb9e3fe1cb19058173f2e221de3febfeda

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/6c8f24eb9e3fe1cb19058173f2e221de3febfeda

reference_url

https://github.com/apache/lucene-solr/commit/7e9a2e67f812032a049836c3aa0b18bf5cd717f9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/7e9a2e67f812032a049836c3aa0b18bf5cd717f9

reference_url

https://github.com/apache/solr/commit/644dd3a6d6780d71030f7070754d2f3adce22859

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/644dd3a6d6780d71030f7070754d2f3adce22859

reference_url

https://github.com/apache/solr/commit/c79011e81dada2f9bc4b4df32ffb32152ef81152

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/c79011e81dada2f9bc4b4df32ffb32152ef81152

reference_url

https://issues.apache.org/jira/browse/SOLR-16949

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-16949

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-50386

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-50386

reference_url

https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-30T04:00:07Z/

url

https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets

reference_url

http://www.openwall.com/lists/oss-security/2024/02/09/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-30T04:00:07Z/

url

http://www.openwall.com/lists/oss-security/2024/02/09/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2263585
reference_id	2263585
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2263585

reference_url

https://github.com/advisories/GHSA-37vr-vmg4-jwpw

reference_id

GHSA-37vr-vmg4-jwpw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-37vr-vmg4-jwpw

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-23%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2023-50386, GHSA-37vr-vmg4-jwpw

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpys-9ncu-3bgv

url VCID-jc41-ky5q-tkhv

vulnerability_id VCID-jc41-ky5q-tkhv

summary

Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Insufficiently Protected Credentials vulnerability in Apache Solr.

This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0.
One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name.
There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint.
This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI.

This /admin/info/properties endpoint is protected under the "config-read" permission.
Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission.
Users are recommended to upgrade to version 9.3.0 or 8.11.3, both of which fix the issue.
A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps".
By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password".

Users who cannot upgrade can also use the following Java system property to fix the issue:
`-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*`

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50291.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50291

reference_id

reference_type

scores

value	0.03074
scoring_system	epss
scoring_elements	0.86772
published_at	2026-04-21T12:55:00Z

value	0.03074
scoring_system	epss
scoring_elements	0.86706
published_at	2026-04-02T12:55:00Z

value	0.03074
scoring_system	epss
scoring_elements	0.86725
published_at	2026-04-04T12:55:00Z

value	0.03074
scoring_system	epss
scoring_elements	0.86724
published_at	2026-04-07T12:55:00Z

value	0.03074
scoring_system	epss
scoring_elements	0.86743
published_at	2026-04-08T12:55:00Z

value	0.03074
scoring_system	epss
scoring_elements	0.86753
published_at	2026-04-09T12:55:00Z

value	0.03074
scoring_system	epss
scoring_elements	0.86766
published_at	2026-04-11T12:55:00Z

value	0.03074
scoring_system	epss
scoring_elements	0.86763
published_at	2026-04-12T12:55:00Z

value	0.03074
scoring_system	epss
scoring_elements	0.86756
published_at	2026-04-13T12:55:00Z

value	0.03074
scoring_system	epss
scoring_elements	0.86771
published_at	2026-04-16T12:55:00Z

value	0.03074
scoring_system	epss
scoring_elements	0.86776
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50291

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/659021c7d50164a3166887f24875228431b02102

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/659021c7d50164a3166887f24875228431b02102

reference_url

https://github.com/apache/solr/commit/98c198810f2cd934d23d0d80aadb570a2bbb3b8e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/98c198810f2cd934d23d0d80aadb570a2bbb3b8e

reference_url

https://issues.apache.org/jira/browse/SOLR-16809

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-16809

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-50291

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-50291

reference_url

https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:48Z/

url

https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies

reference_url

http://www.openwall.com/lists/oss-security/2024/02/09/4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:48Z/

url

http://www.openwall.com/lists/oss-security/2024/02/09/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2263577
reference_id	2263577
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2263577

reference_url

https://github.com/advisories/GHSA-3hwc-rqwp-v36q

reference_id

GHSA-3hwc-rqwp-v36q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3hwc-rqwp-v36q

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-23%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2023-50291, GHSA-3hwc-rqwp-v36q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jc41-ky5q-tkhv

url VCID-ke61-vddr-4udk

vulnerability_id VCID-ke61-vddr-4udk

summary When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.

references

reference_url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163
reference_id
reference_type
scores
url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163

reference_url

https://access.redhat.com/errata/RHSA-2018:1447

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1447

reference_url

https://access.redhat.com/errata/RHSA-2018:1448

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1448

reference_url

https://access.redhat.com/errata/RHSA-2018:1449

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1449

reference_url

https://access.redhat.com/errata/RHSA-2018:1450

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1450

reference_url

https://access.redhat.com/errata/RHSA-2018:1451

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1451

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3163.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3163.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-3163

reference_id

reference_type

scores

value	0.16448
scoring_system	epss
scoring_elements	0.94887
published_at	2026-04-13T12:55:00Z

value	0.16448
scoring_system	epss
scoring_elements	0.949
published_at	2026-04-21T12:55:00Z

value	0.16448
scoring_system	epss
scoring_elements	0.94865
published_at	2026-04-07T12:55:00Z

value	0.16448
scoring_system	epss
scoring_elements	0.94874
published_at	2026-04-08T12:55:00Z

value	0.16448
scoring_system	epss
scoring_elements	0.94878
published_at	2026-04-09T12:55:00Z

value	0.16448
scoring_system	epss
scoring_elements	0.94882
published_at	2026-04-11T12:55:00Z

value	0.16448
scoring_system	epss
scoring_elements	0.94885
published_at	2026-04-12T12:55:00Z

value	0.16448
scoring_system	epss
scoring_elements	0.94897
published_at	2026-04-18T12:55:00Z

value	0.16448
scoring_system	epss
scoring_elements	0.94894
published_at	2026-04-16T12:55:00Z

value	0.16448
scoring_system	epss
scoring_elements	0.9485
published_at	2026-04-01T12:55:00Z

value	0.16448
scoring_system	epss
scoring_elements	0.9486
published_at	2026-04-02T12:55:00Z

value	0.16448
scoring_system	epss
scoring_elements	0.94863
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-3163

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163

reference_url

https://github.com/advisories/GHSA-387v-84cv-9qmc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-387v-84cv-9qmc

reference_url	https://github.com/apache/lucene-solr/commit/3a4f885b18bc963a8326c752bd229497908f1db
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/3a4f885b18bc963a8326c752bd229497908f1db

reference_url	https://github.com/apache/lucene-solr/commit/6f598d24692a89da9b5b671be6cf4b947aa39266
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/6f598d24692a89da9b5b671be6cf4b947aa39266

reference_url	https://github.com/apache/lucene-solr/commit/7088137d52256354a52ed86547b9faa0e704293
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/7088137d52256354a52ed86547b9faa0e704293

reference_url	https://github.com/apache/lucene-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4d
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4d

reference_url	https://issues.apache.org/jira/browse/SOLR-10031
reference_id
reference_type
scores
url	https://issues.apache.org/jira/browse/SOLR-10031

reference_url

https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488@%3Csolr-user.lucene.apache.org%3E

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-3163

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1454783
reference_id	1454783
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1454783

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867712
reference_id	867712
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867712

reference_url

reference_id

CVE-2017-3163

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-3163

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-11?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-11?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-11%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2017-3163, GHSA-387v-84cv-9qmc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ke61-vddr-4udk

url VCID-keda-efkh-y3fg

vulnerability_id VCID-keda-efkh-y3fg

summary

Apache Solr allows read access to host environmet variables
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.

The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-proccess.

The Solr Metrics API is protected by the "metrics-read" permission. Therefore, Solr Clouds with Authorization setup will only be vulnerable via users with the "metrics-read" permission.

This issue affects Apache Solr: from 9.0.0 before 9.3.0.

Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50290.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50290.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50290

reference_id

reference_type

scores

value	0.92562
scoring_system	epss
scoring_elements	0.99737
published_at	2026-04-02T12:55:00Z

value	0.92874
scoring_system	epss
scoring_elements	0.99768
published_at	2026-04-07T12:55:00Z

value	0.92874
scoring_system	epss
scoring_elements	0.99771
published_at	2026-04-21T12:55:00Z

value	0.92874
scoring_system	epss
scoring_elements	0.9977
published_at	2026-04-18T12:55:00Z

value	0.92874
scoring_system	epss
scoring_elements	0.99769
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50290

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/35fc4bdc48171d9a64251c54a1e76deb558cf9d8

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/35fc4bdc48171d9a64251c54a1e76deb558cf9d8

reference_url

https://issues.apache.org/jira/browse/SOLR-16808

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-16808

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-50290

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-50290

reference_url

https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-09T20:17:07Z/

url

https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258132
reference_id	2258132
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258132

reference_url

https://github.com/advisories/GHSA-gg7w-pw2r-x2cq

reference_id

GHSA-gg7w-pw2r-x2cq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gg7w-pw2r-x2cq

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2023-50290, GHSA-gg7w-pw2r-x2cq

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-keda-efkh-y3fg

url VCID-qkt3-eevh-ekcr

vulnerability_id VCID-qkt3-eevh-ekcr

summary

Apache Solr Schema Designer blindly "trusts" all configsets
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr.

This issue affects Apache Solr from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0.

The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets.
However, when the feature was created, the "trust" (authentication) of these configSets was not considered.
External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution.
Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer.

Users are recommended to upgrade to version 9.3.0 or 8.11.3, both of which fix the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50292.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50292.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50292

reference_id

reference_type

scores

value	0.40116
scoring_system	epss
scoring_elements	0.97331
published_at	2026-04-08T12:55:00Z

value	0.40116
scoring_system	epss
scoring_elements	0.97334
published_at	2026-04-11T12:55:00Z

value	0.40116
scoring_system	epss
scoring_elements	0.97324
published_at	2026-04-04T12:55:00Z

value	0.40116
scoring_system	epss
scoring_elements	0.97325
published_at	2026-04-07T12:55:00Z

value	0.40116
scoring_system	epss
scoring_elements	0.97332
published_at	2026-04-09T12:55:00Z

value	0.40116
scoring_system	epss
scoring_elements	0.97348
published_at	2026-04-21T12:55:00Z

value	0.40116
scoring_system	epss
scoring_elements	0.97347
published_at	2026-04-18T12:55:00Z

value	0.40116
scoring_system	epss
scoring_elements	0.97344
published_at	2026-04-16T12:55:00Z

value	0.40116
scoring_system	epss
scoring_elements	0.97336
published_at	2026-04-13T12:55:00Z

value	0.40116
scoring_system	epss
scoring_elements	0.9732
published_at	2026-04-02T12:55:00Z

value	0.40116
scoring_system	epss
scoring_elements	0.97335
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50292

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50292
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50292

reference_url

https://github.com/apache/lucene-solr/commit/6e9ed203b30958396bdfd41760d426b386646865

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/6e9ed203b30958396bdfd41760d426b386646865

reference_url

https://github.com/apache/solr/commit/d07751cfaa8065bea8bd43f59e758e50d50c2419

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/d07751cfaa8065bea8bd43f59e758e50d50c2419

reference_url

https://issues.apache.org/jira/browse/SOLR-16777

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-16777

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-50292

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-50292

reference_url

https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:33Z/

url

https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions

reference_url

http://www.openwall.com/lists/oss-security/2024/02/09/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:33Z/

url

http://www.openwall.com/lists/oss-security/2024/02/09/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2263579
reference_id	2263579
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2263579

reference_url

https://github.com/advisories/GHSA-4wxw-42wx-2wfx

reference_id

GHSA-4wxw-42wx-2wfx

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4wxw-42wx-2wfx

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-23%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2023-50292, GHSA-4wxw-42wx-2wfx

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qkt3-eevh-ekcr

url VCID-r413-tvjg-mfh3

vulnerability_id VCID-r413-tvjg-mfh3

summary Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.

references

reference_url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7660
reference_id
reference_type
scores
url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7660

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7660.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7660.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7660

reference_id

reference_type

scores

value	0.00455
scoring_system	epss
scoring_elements	0.63897
published_at	2026-04-18T12:55:00Z

value	0.00455
scoring_system	epss
scoring_elements	0.63773
published_at	2026-04-01T12:55:00Z

value	0.00455
scoring_system	epss
scoring_elements	0.63834
published_at	2026-04-02T12:55:00Z

value	0.00455
scoring_system	epss
scoring_elements	0.6386
published_at	2026-04-04T12:55:00Z

value	0.00455
scoring_system	epss
scoring_elements	0.63818
published_at	2026-04-07T12:55:00Z

value	0.00455
scoring_system	epss
scoring_elements	0.63869
published_at	2026-04-08T12:55:00Z

value	0.00455
scoring_system	epss
scoring_elements	0.63886
published_at	2026-04-12T12:55:00Z

value	0.00455
scoring_system	epss
scoring_elements	0.639
published_at	2026-04-11T12:55:00Z

value	0.00455
scoring_system	epss
scoring_elements	0.63852
published_at	2026-04-13T12:55:00Z

value	0.00455
scoring_system	epss
scoring_elements	0.63888
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7660

reference_url	https://github.com/apache/lucene-solr/commit/2f5ecbcf9ed7a3a4fd37b5c55860ad8eace1bea
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/2f5ecbcf9ed7a3a4fd37b5c55860ad8eace1bea

reference_url	https://github.com/apache/lucene-solr/commit/9f91c619a35db89544f5c85795df4128c9f0d96
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/9f91c619a35db89544f5c85795df4128c9f0d96

reference_url	https://github.com/apache/lucene-solr/commit/e3b0cfff396a7f92a4f621d598780116da916f3
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/e3b0cfff396a7f92a4f621d598780116da916f3

reference_url	https://github.com/apache/lucene-solr/commit/e912b7cb5c68fbb87b874d41068cf5a3aea17da0
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/e912b7cb5c68fbb87b874d41068cf5a3aea17da0

reference_url

https://issues.apache.org/jira/browse/SOLR-10624

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-10624

reference_url

https://lists.apache.org/thread/o0g7vpz5sz4yy0pyf1z94vkpv40x6h44

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/o0g7vpz5sz4yy0pyf1z94vkpv40x6h44

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7660

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7660

reference_url

https://security.netapp.com/advisory/ntap-20181127-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20181127-0003

reference_url	https://security.netapp.com/advisory/ntap-20181127-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20181127-0003/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1473273
reference_id	1473273
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1473273

reference_url

https://github.com/advisories/GHSA-c82r-qg3w-q5mv

reference_id

GHSA-c82r-qg3w-q5mv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c82r-qg3w-q5mv

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2017-7660, GHSA-c82r-qg3w-q5mv

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r413-tvjg-mfh3

url VCID-r6fw-42tv-vueu

vulnerability_id VCID-r6fw-42tv-vueu

summary

Apache Solr Cross-site scripting Vulnerability
Cross-site scripting (XSS) vulnerability in `webapp/web/js/scripts/schema-browser.js` in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8796

reference_id

reference_type

scores

value	0.02552
scoring_system	epss
scoring_elements	0.85434
published_at	2026-04-02T12:55:00Z

value	0.02552
scoring_system	epss
scoring_elements	0.8552
published_at	2026-04-21T12:55:00Z

value	0.02552
scoring_system	epss
scoring_elements	0.85523
published_at	2026-04-18T12:55:00Z

value	0.02552
scoring_system	epss
scoring_elements	0.85478
published_at	2026-04-08T12:55:00Z

value	0.02552
scoring_system	epss
scoring_elements	0.85422
published_at	2026-04-01T12:55:00Z

value	0.02552
scoring_system	epss
scoring_elements	0.85457
published_at	2026-04-07T12:55:00Z

value	0.02552
scoring_system	epss
scoring_elements	0.85454
published_at	2026-04-04T12:55:00Z

value	0.02552
scoring_system	epss
scoring_elements	0.85519
published_at	2026-04-16T12:55:00Z

value	0.02552
scoring_system	epss
scoring_elements	0.85495
published_at	2026-04-13T12:55:00Z

value	0.02552
scoring_system	epss
scoring_elements	0.85499
published_at	2026-04-12T12:55:00Z

value	0.02552
scoring_system	epss
scoring_elements	0.855
published_at	2026-04-11T12:55:00Z

value	0.02552
scoring_system	epss
scoring_elements	0.85486
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8796

reference_url

https://github.com/apache/lucene/commit/dc2f2295e0a6c6574f033f295dc0c9adb7660df9

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene/commit/dc2f2295e0a6c6574f033f295dc0c9adb7660df9

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/dc2f2295e0a6c6574f033f295dc0c9adb7660df9

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/dc2f2295e0a6c6574f033f295dc0c9adb7660df9

reference_url

https://issues.apache.org/jira/browse/SOLR-7920

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-7920

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8796

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8796

reference_url

https://web.archive.org/web/20200227160406/http://www.securityfocus.com/bid/85205

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227160406/http://www.securityfocus.com/bid/85205

reference_url	http://www.securityfocus.com/bid/85205
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/85205

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::
reference_id	cpe:2.3:a:apache:solr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::

reference_url

https://github.com/advisories/GHSA-4fxw-g29w-r8mx

reference_id

GHSA-4fxw-g29w-r8mx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4fxw-g29w-r8mx

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2015-8796, GHSA-4fxw-g29w-r8mx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r6fw-42tv-vueu

url VCID-rym5-bjyc-nybu

vulnerability_id VCID-rym5-bjyc-nybu

summary The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6408

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6408.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6408.json

reference_url

reference_id

reference_type

scores

value	0.11391
scoring_system	epss
scoring_elements	0.93585
published_at	2026-04-18T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.9358
published_at	2026-04-16T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.9356
published_at	2026-04-12T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93561
published_at	2026-04-13T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93526
published_at	2026-04-01T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93534
published_at	2026-04-02T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93555
published_at	2026-04-09T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93542
published_at	2026-04-04T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93552
published_at	2026-04-08T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.93543
published_at	2026-04-07T12:55:00Z

value	0.11391
scoring_system	epss
scoring_elements	0.9359
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/7239a57a51ea0f4d05dd330ce5e15e4f72f72747

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/7239a57a51ea0f4d05dd330ce5e15e4f72f72747

reference_url

https://issues.apache.org/jira/browse/SOLR-4881

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-4881

reference_url	https://issues.apache.org/jira/browse/SOLR-5520
reference_id
reference_type
scores
url	https://issues.apache.org/jira/browse/SOLR-5520

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-6408

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6408

reference_url

http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup

reference_url

http://www.openwall.com/lists/oss-security/2013/11/29/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/11/29/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1035985
reference_id	1035985
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1035985

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
reference_id	731113
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113

reference_url	https://bugzilla.redhat.com/CVE-2013-6408
reference_id	CVE-2013-6408
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2013-6408

reference_url

https://github.com/advisories/GHSA-45w3-2hvv-pfxq

reference_id

GHSA-45w3-2hvv-pfxq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-45w3-2hvv-pfxq

reference_url	https://access.redhat.com/errata/RHSA-2013:1844
reference_id	RHSA-2013:1844
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1844

reference_url	https://access.redhat.com/errata/RHSA-2014:0029
reference_id	RHSA-2014:0029
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0029

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-2%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2013-6408, GHSA-45w3-2hvv-pfxq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rym5-bjyc-nybu

url VCID-rys3-pnnk-a7e4

vulnerability_id VCID-rys3-pnnk-a7e4

summary Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

references

reference_url

http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E

reference_url

http://openwall.com/lists/oss-security/2017/10/13/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2017/10/13/1

reference_url

https://access.redhat.com/errata/RHSA-2017:3123

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3123

reference_url

https://access.redhat.com/errata/RHSA-2017:3124

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3124

reference_url

https://access.redhat.com/errata/RHSA-2017:3244

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3244

reference_url

https://access.redhat.com/errata/RHSA-2017:3451

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3451

reference_url

https://access.redhat.com/errata/RHSA-2017:3452

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3452

reference_url

https://access.redhat.com/errata/RHSA-2018:0002

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0002

reference_url

https://access.redhat.com/errata/RHSA-2018:0003

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0003

reference_url

https://access.redhat.com/errata/RHSA-2018:0004

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0004

reference_url

https://access.redhat.com/errata/RHSA-2018:0005

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0005

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12629.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12629.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12629

reference_id

reference_type

scores

value	0.93891
scoring_system	epss
scoring_elements	0.99875
published_at	2026-04-21T12:55:00Z

value	0.93891
scoring_system	epss
scoring_elements	0.99874
published_at	2026-04-12T12:55:00Z

value	0.93891
scoring_system	epss
scoring_elements	0.99873
published_at	2026-04-08T12:55:00Z

value	0.93891
scoring_system	epss
scoring_elements	0.99872
published_at	2026-04-02T12:55:00Z

value	0.93891
scoring_system	epss
scoring_elements	0.99871
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12629

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163

reference_url

https://github.com/advisories/GHSA-mh7g-99w9-xpjm

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-mh7g-99w9-xpjm

reference_url

https://github.com/apache/lucene

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene

reference_url

https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2

reference_url	https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc

reference_url	https://github.com/apache/lucene-solr/commit/d28baa3fc5566b47f1ca7cc2ba1aba658dc634a
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/d28baa3fc5566b47f1ca7cc2ba1aba658dc634a

reference_url

https://github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1

reference_url

https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268

reference_url	https://github.com/AsyncHttpClient/async-http-client/issues/1455
reference_id
reference_type
scores
url	https://github.com/AsyncHttpClient/async-http-client/issues/1455

reference_url

https://issues.apache.org/jira/browse/SOLR-11477

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-11477

reference_url

https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f%40%3Coak-issues.jackrabbit.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f%40%3Coak-issues.jackrabbit.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html

reference_url

https://s.apache.org/FJDl

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://s.apache.org/FJDl

reference_url

https://twitter.com/ApacheSolr/status/918731485611401216

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://twitter.com/ApacheSolr/status/918731485611401216

reference_url

https://twitter.com/joshbressers/status/919258716297420802

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://twitter.com/joshbressers/status/919258716297420802

reference_url

https://twitter.com/searchtools_avi/status/918904813613543424

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://twitter.com/searchtools_avi/status/918904813613543424

reference_url

https://usn.ubuntu.com/4259-1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4259-1

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/43009

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/43009

reference_url	https://www.exploit-db.com/exploits/43009/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/43009/

reference_url

http://www.securityfocus.com/bid/101261

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/101261

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1501529
reference_id	1501529
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1501529

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::
reference_id	cpe:2.3:a:apache:solr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/xml/webapps/43009.txt
reference_id	CVE-2017-12629
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/xml/webapps/43009.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12629

reference_id

CVE-2017-12629

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12629

reference_url	http://www.cvedetails.com/cve/CVE-2017-12629/
reference_id	CVE-2017-12629
reference_type
scores
url	http://www.cvedetails.com/cve/CVE-2017-12629/

reference_url	https://access.redhat.com/errata/RHSA-2020:2561
reference_id	RHSA-2020:2561
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2561

reference_url	https://access.redhat.com/errata/RHSA-2023:1334
reference_id	RHSA-2023:1334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1334

reference_url	https://usn.ubuntu.com/4259-1/
reference_id	USN-4259-1
reference_type
scores
url	https://usn.ubuntu.com/4259-1/

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-11?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-11?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-11%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2017-12629, GHSA-mh7g-99w9-xpjm

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rys3-pnnk-a7e4

url VCID-t4p6-84y8-kbbu

vulnerability_id VCID-t4p6-84y8-kbbu

summary

Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.

Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter.

When original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides.

An attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost".

Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions.

Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.

From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50298.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50298.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50298

reference_id

reference_type

scores

value	0.00045
scoring_system	epss
scoring_elements	0.13641
published_at	2026-04-21T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13568
published_at	2026-04-18T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13791
published_at	2026-04-02T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13847
published_at	2026-04-04T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13646
published_at	2026-04-07T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13728
published_at	2026-04-08T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13778
published_at	2026-04-09T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13747
published_at	2026-04-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1371
published_at	2026-04-12T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13571
published_at	2026-04-16T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1366
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50298

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50298
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50298

reference_url

https://github.com/apache/lucene-solr/commit/61c956c426b2cfb85ccef55d1afca4335eacd269

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/61c956c426b2cfb85ccef55d1afca4335eacd269

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/e2bf1f434aad873fbb24c21d46ac00e888806d98

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/e2bf1f434aad873fbb24c21d46ac00e888806d98

reference_url

https://issues.apache.org/jira/browse/SOLR-17098

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-17098

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-50298

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-50298

reference_url

https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-19T16:14:53Z/

url

https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions

reference_url

http://www.openwall.com/lists/oss-security/2024/02/09/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-19T16:14:53Z/

url

http://www.openwall.com/lists/oss-security/2024/02/09/2

reference_url

http://www.openwall.com/lists/oss-security/2024/02/09/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-19T16:14:53Z/

url

http://www.openwall.com/lists/oss-security/2024/02/09/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2263583
reference_id	2263583
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2263583

reference_url

https://github.com/advisories/GHSA-xrj7-x7gp-wwqr

reference_id

GHSA-xrj7-x7gp-wwqr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xrj7-x7gp-wwqr

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-23%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2023-50298, GHSA-xrj7-x7gp-wwqr

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t4p6-84y8-kbbu

url VCID-tt7h-4geu-5bc9

vulnerability_id VCID-tt7h-4geu-5bc9

summary

XML External Entity (XXE) Injection in Apache Solr
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0193.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0193.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0193

reference_id

reference_type

scores

value	0.93076
scoring_system	epss
scoring_elements	0.9979
published_at	2026-04-07T12:55:00Z

value	0.93076
scoring_system	epss
scoring_elements	0.99791
published_at	2026-04-11T12:55:00Z

value	0.93076
scoring_system	epss
scoring_elements	0.99789
published_at	2026-04-01T12:55:00Z

value	0.93438
scoring_system	epss
scoring_elements	0.99821
published_at	2026-04-21T12:55:00Z

value	0.93438
scoring_system	epss
scoring_elements	0.99819
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0193

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0193
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0193

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f7

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f7

reference_url

https://issues.apache.org/jira/browse/SOLR-13669

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://issues.apache.org/jira/browse/SOLR-13669

reference_url

https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c%40%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c%40%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74%40%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74%40%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03%40%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03%40%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83%40%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83%40%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee%40%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee%40%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc%40%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc%40%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab%40%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab%40%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d%40%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d%40%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66%40%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51%40%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6%40%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6%40%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699%40%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699%40%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/10/msg00013.html

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.debian.org/debian-lts-announce/2019/10/msg00013.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/08/msg00025.html

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/

url

https://lists.debian.org/debian-lts-announce/2020/08/msg00025.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0193

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0193

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESOLR-536063

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESOLR-536063

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0193

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0193

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1736774
reference_id	1736774
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1736774

reference_url

https://github.com/advisories/GHSA-3gm7-v7vw-866c

reference_id

GHSA-3gm7-v7vw-866c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3gm7-v7vw-866c

reference_url	https://usn.ubuntu.com/7283-1/
reference_id	USN-7283-1
reference_type
scores
url	https://usn.ubuntu.com/7283-1/

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-22?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-22?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-22%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2019-0193, GHSA-3gm7-v7vw-866c

risk_score 10.0

exploitability 2.0

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tt7h-4geu-5bc9

url VCID-uaxq-nmwp-5uct

vulnerability_id VCID-uaxq-nmwp-5uct

summary

Apache Solr Relative Path Traversal vulnerability
Relative Path Traversal vulnerability in Apache Solr.

Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API.  Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.  
This issue affects Apache Solr: from 6.6 through 9.7.0.

Users are recommended to upgrade to version 9.8.0, which fixes the issue.  Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52012

reference_id

reference_type

scores

value	0.13483
scoring_system	epss
scoring_elements	0.9419
published_at	2026-04-04T12:55:00Z

value	0.13483
scoring_system	epss
scoring_elements	0.94201
published_at	2026-04-08T12:55:00Z

value	0.13483
scoring_system	epss
scoring_elements	0.94192
published_at	2026-04-07T12:55:00Z

value	0.13483
scoring_system	epss
scoring_elements	0.94179
published_at	2026-04-02T12:55:00Z

value	0.13483
scoring_system	epss
scoring_elements	0.94232
published_at	2026-04-18T12:55:00Z

value	0.13483
scoring_system	epss
scoring_elements	0.94226
published_at	2026-04-16T12:55:00Z

value	0.13483
scoring_system	epss
scoring_elements	0.94211
published_at	2026-04-13T12:55:00Z

value	0.13483
scoring_system	epss
scoring_elements	0.9421
published_at	2026-04-11T12:55:00Z

value	0.13483
scoring_system	epss
scoring_elements	0.94206
published_at	2026-04-09T12:55:00Z

value	0.13795
scoring_system	epss
scoring_elements	0.94302
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52012

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/5795edd143b8fcb2ffaf7f278a099b8678adf396

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/5795edd143b8fcb2ffaf7f278a099b8678adf396

reference_url

https://issues.apache.org/jira/browse/SOLR-17543

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-17543

reference_url

https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T13:34:11Z/

url

https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52012

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52012

reference_url

http://www.openwall.com/lists/oss-security/2025/01/26/2

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/01/26/2

reference_url

https://github.com/advisories/GHSA-4p5m-gvpf-f3x5

reference_id

GHSA-4p5m-gvpf-f3x5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4p5m-gvpf-f3x5

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2024-52012, GHSA-4p5m-gvpf-f3x5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uaxq-nmwp-5uct

url VCID-v5ka-6bd4-33ft

vulnerability_id VCID-v5ka-6bd4-33ft

summary

Apache Solr vulnerable to Execution with Unnecessary Privileges
Core creation allows users to replace "trusted" configset files with arbitrary configuration

Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem.  These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin.

This issue affects all Apache Solr versions up through Solr 9.7.  Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService").  Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "<lib>" tags by default.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24814.json

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24814.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24814

reference_id

reference_type

scores

value	0.00777
scoring_system	epss
scoring_elements	0.7368
published_at	2026-04-18T12:55:00Z

value	0.00777
scoring_system	epss
scoring_elements	0.73671
published_at	2026-04-16T12:55:00Z

value	0.00777
scoring_system	epss
scoring_elements	0.73627
published_at	2026-04-13T12:55:00Z

value	0.00777
scoring_system	epss
scoring_elements	0.73635
published_at	2026-04-12T12:55:00Z

value	0.00777
scoring_system	epss
scoring_elements	0.73653
published_at	2026-04-11T12:55:00Z

value	0.00777
scoring_system	epss
scoring_elements	0.73631
published_at	2026-04-09T12:55:00Z

value	0.00777
scoring_system	epss
scoring_elements	0.73618
published_at	2026-04-08T12:55:00Z

value	0.00777
scoring_system	epss
scoring_elements	0.73582
published_at	2026-04-07T12:55:00Z

value	0.00777
scoring_system	epss
scoring_elements	0.73609
published_at	2026-04-04T12:55:00Z

value	0.00777
scoring_system	epss
scoring_elements	0.73586
published_at	2026-04-02T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.7406
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24814

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/f492e24881c5724a1b1baecfc9549e2cb0257525

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/solr/commit/f492e24881c5724a1b1baecfc9549e2cb0257525

reference_url

https://issues.apache.org/jira/browse/SOLR-16781

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-16781

reference_url

https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T14:10:58Z/

url

https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-24814

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-24814

reference_url

https://security.netapp.com/advisory/ntap-20250214-0002

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250214-0002

reference_url

http://www.openwall.com/lists/oss-security/2025/01/26/1

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/01/26/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2342221
reference_id	2342221
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2342221

reference_url

https://github.com/advisories/GHSA-68r2-fwcg-qpm8

reference_id

GHSA-68r2-fwcg-qpm8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-68r2-fwcg-qpm8

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-23?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-23%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2025-24814, GHSA-68r2-fwcg-qpm8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5ka-6bd4-33ft

url VCID-vkyg-mj2g-bqgp

vulnerability_id VCID-vkyg-mj2g-bqgp

summary This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8026.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8026.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8026

reference_id

reference_type

scores

value	0.04341
scoring_system	epss
scoring_elements	0.88941
published_at	2026-04-21T12:55:00Z

value	0.04341
scoring_system	epss
scoring_elements	0.88933
published_at	2026-04-13T12:55:00Z

value	0.04341
scoring_system	epss
scoring_elements	0.88945
published_at	2026-04-18T12:55:00Z

value	0.04341
scoring_system	epss
scoring_elements	0.88947
published_at	2026-04-16T12:55:00Z

value	0.04341
scoring_system	epss
scoring_elements	0.88878
published_at	2026-04-01T12:55:00Z

value	0.04341
scoring_system	epss
scoring_elements	0.88886
published_at	2026-04-02T12:55:00Z

value	0.04341
scoring_system	epss
scoring_elements	0.88901
published_at	2026-04-04T12:55:00Z

value	0.04341
scoring_system	epss
scoring_elements	0.88904
published_at	2026-04-07T12:55:00Z

value	0.04341
scoring_system	epss
scoring_elements	0.88922
published_at	2026-04-08T12:55:00Z

value	0.04341
scoring_system	epss
scoring_elements	0.88927
published_at	2026-04-09T12:55:00Z

value	0.04341
scoring_system	epss
scoring_elements	0.88939
published_at	2026-04-11T12:55:00Z

value	0.04341
scoring_system	epss
scoring_elements	0.88934
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8026

reference_url

https://github.com/advisories/GHSA-7px3-6f6g-hxcj

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-7px3-6f6g-hxcj

reference_url

https://github.com/apache/lucene-solr/commit/1880d4824e6c5f98170b9a00aad1d437ee2aa12

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/1880d4824e6c5f98170b9a00aad1d437ee2aa12

reference_url

https://github.com/apache/lucene-solr/commit/3aa6086ed99fa7158d423dc7c33dae6da466b09

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/3aa6086ed99fa7158d423dc7c33dae6da466b09

reference_url

https://github.com/apache/lucene-solr/commit/d1baf6ba593561f39e2da0a71a8440797005b55

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/d1baf6ba593561f39e2da0a71a8440797005b55

reference_url	https://github.com/apache/lucene-solr/commit/e21d4937e0637c7b7949ac463f331da9a42c07f
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/e21d4937e0637c7b7949ac463f331da9a42c07f

reference_url

https://github.com/apache/lucene-solr/commit/e5407c5a9710247e5f728aae36224a245a51f0b

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/e5407c5a9710247e5f728aae36224a245a51f0b

reference_url

https://issues.apache.org/jira/browse/SOLR-12450

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-12450

reference_url

https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://mail-archives.apache.org/mod_mbox/lucene-solr-user/201807.mbox/%3C0cdc01d413b7%24f97ba580%24ec72f080%24%40apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20190307-0002

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190307-0002

reference_url	https://security.netapp.com/advisory/ntap-20190307-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190307-0002/

reference_url	http://www.securityfocus.com/bid/104690
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104690

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1598621
reference_id	1598621
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1598621

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::
reference_id	cpe:2.3:a:apache:solr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapcenter:-:::::::*
reference_id	cpe:2.3:a:netapp:snapcenter:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapcenter:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*
reference_id	cpe:2.3:a:netapp:storage_automation_store:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-8026

reference_id

CVE-2018-8026

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:N/A:N

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-8026

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2018-8026, GHSA-7px3-6f6g-hxcj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkyg-mj2g-bqgp

url VCID-vrdm-7wfj-qbht

vulnerability_id VCID-vrdm-7wfj-qbht

summary

Improper Authentication vulnerability in Apache Solr
Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.


This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0.

Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45216

reference_id

reference_type

scores

value	0.9408
scoring_system	epss
scoring_elements	0.99905
published_at	2026-04-12T12:55:00Z

value	0.9408
scoring_system	epss
scoring_elements	0.99907
published_at	2026-04-18T12:55:00Z

value	0.9408
scoring_system	epss
scoring_elements	0.99906
published_at	2026-04-21T12:55:00Z

value	0.9408
scoring_system	epss
scoring_elements	0.99904
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45216

reference_url

https://issues.apache.org/jira/browse/SOLR-17417

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-17417

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45216

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45216

reference_url

https://solr.apache.org/security.html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-16T17:02:39Z/

url

https://solr.apache.org/security.html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending

reference_url

http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/webapp

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/webapp

reference_url

http://www.openwall.com/lists/oss-security/2024/10/15/8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/10/15/8

reference_url

https://github.com/advisories/GHSA-mjvf-4h88-6xm3

reference_id

GHSA-mjvf-4h88-6xm3

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mjvf-4h88-6xm3

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2024-45216, GHSA-mjvf-4h88-6xm3

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrdm-7wfj-qbht

url VCID-vsgv-kss4-nqcb

vulnerability_id VCID-vsgv-kss4-nqcb

summary

Incorrect Authorization in Apache Solr
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 6.6.6 and 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11802.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11802.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11802

reference_id

reference_type

scores

value	0.00151
scoring_system	epss
scoring_elements	0.3561
published_at	2026-04-21T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35512
published_at	2026-04-01T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35714
published_at	2026-04-02T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35739
published_at	2026-04-04T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.3562
published_at	2026-04-07T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35666
published_at	2026-04-08T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35689
published_at	2026-04-09T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35699
published_at	2026-04-11T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35654
published_at	2026-04-12T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35632
published_at	2026-04-13T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35671
published_at	2026-04-16T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35661
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11802

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/add003f217806afb4e1604f697cdb0a5a7115895

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/add003f217806afb4e1604f697cdb0a5a7115895

reference_url

https://issues.apache.org/jira/browse/SOLR-12514

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-12514

reference_url

https://www.openwall.com/lists/oss-security/2019/04/24/1

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2019/04/24/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1707547
reference_id	1707547
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1707547

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::
reference_id	cpe:2.3:a:apache:solr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11802

reference_id

CVE-2018-11802

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11802

reference_url

https://github.com/advisories/GHSA-j346-h5wc-rw2m

reference_id

GHSA-j346-h5wc-rw2m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j346-h5wc-rw2m

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2018-11802, GHSA-j346-h5wc-rw2m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vsgv-kss4-nqcb

url VCID-vvt2-qyef-3fa6

vulnerability_id VCID-vvt2-qyef-3fa6

summary

Improper Neutralization of Input During Web Page Generation in Apache Solr
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8797

reference_id

reference_type

scores

value	0.02074
scoring_system	epss
scoring_elements	0.83921
published_at	2026-04-04T12:55:00Z

value	0.02074
scoring_system	epss
scoring_elements	0.83985
published_at	2026-04-21T12:55:00Z

value	0.02074
scoring_system	epss
scoring_elements	0.83983
published_at	2026-04-18T12:55:00Z

value	0.02074
scoring_system	epss
scoring_elements	0.8396
published_at	2026-04-13T12:55:00Z

value	0.02074
scoring_system	epss
scoring_elements	0.83963
published_at	2026-04-12T12:55:00Z

value	0.02074
scoring_system	epss
scoring_elements	0.8397
published_at	2026-04-11T12:55:00Z

value	0.02074
scoring_system	epss
scoring_elements	0.8389
published_at	2026-04-01T12:55:00Z

value	0.02074
scoring_system	epss
scoring_elements	0.83954
published_at	2026-04-09T12:55:00Z

value	0.02074
scoring_system	epss
scoring_elements	0.83947
published_at	2026-04-08T12:55:00Z

value	0.02074
scoring_system	epss
scoring_elements	0.83905
published_at	2026-04-02T12:55:00Z

value	0.02074
scoring_system	epss
scoring_elements	0.83924
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8797

reference_url

https://issues.apache.org/jira/browse/SOLR-7949

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-7949

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8797

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8797

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21975544

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21975544

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::
reference_id	cpe:2.3:a:apache:solr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::

reference_url

https://github.com/advisories/GHSA-v6gf-x8fp-532v

reference_id

GHSA-v6gf-x8fp-532v

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v6gf-x8fp-532v

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2015-8797, GHSA-v6gf-x8fp-532v

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vvt2-qyef-3fa6

url VCID-wke8-9ysk-akc2

vulnerability_id VCID-wke8-9ysk-akc2

summary Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.

references

reference_url

http://lucene.apache.org/solr/4_6_0/changes/Changes.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lucene.apache.org/solr/4_6_0/changes/Changes.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6397

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6397.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6397.json

reference_url

reference_id

reference_type

scores

value	0.90931
scoring_system	epss
scoring_elements	0.99637
published_at	2026-04-21T12:55:00Z

value	0.92173
scoring_system	epss
scoring_elements	0.99709
published_at	2026-04-04T12:55:00Z

value	0.92173
scoring_system	epss
scoring_elements	0.99708
published_at	2026-04-02T12:55:00Z

value	0.92173
scoring_system	epss
scoring_elements	0.99713
published_at	2026-04-18T12:55:00Z

value	0.92173
scoring_system	epss
scoring_elements	0.99712
published_at	2026-04-13T12:55:00Z

value	0.92173
scoring_system	epss
scoring_elements	0.99711
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6397

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6612

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6397

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6407

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6408

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/da34b18cb3092df4972e2b6fa5178d1059923910

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/lucene-solr/commit/da34b18cb3092df4972e2b6fa5178d1059923910

reference_url

https://issues.apache.org/jira/browse/SOLR-4882

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-4882

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-6397

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6397

reference_url

https://web.archive.org/web/20170307173358/http://www.securityfocus.com/bid/63935

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170307173358/http://www.securityfocus.com/bid/63935

reference_url

http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html

reference_url

http://www.openwall.com/lists/oss-security/2013/11/27/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/11/27/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1035062
reference_id	1035062
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1035062

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113
reference_id	731113
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731113

reference_url	https://bugzilla.redhat.com/CVE-2013-6397
reference_id	CVE-2013-6397
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2013-6397

reference_url

https://github.com/advisories/GHSA-j8qw-mwmv-28cg

reference_id

GHSA-j8qw-mwmv-28cg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j8qw-mwmv-28cg

reference_url	https://access.redhat.com/errata/RHSA-2013:1844
reference_id	RHSA-2013:1844
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1844

reference_url	https://access.redhat.com/errata/RHSA-2014:0029
reference_id	RHSA-2014:0029
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0029

fixed_packages

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-2%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2013-6397, GHSA-j8qw-mwmv-28cg

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wke8-9ysk-akc2

url VCID-xypj-xu8p-gkbs

vulnerability_id VCID-xypj-xu8p-gkbs

summary Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Apache Solr 6.6.1 onwards.

references

reference_url	http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3CCAOOKt53AOScg04zUh0%2BR_fcXD0C9s5mQ-OzdgYdnHz49u1KmXw%40mail.gmail.com%3E
reference_id
reference_type
scores
url	http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%3CCAOOKt53AOScg04zUh0%2BR_fcXD0C9s5mQ-OzdgYdnHz49u1KmXw%40mail.gmail.com%3E

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9803.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9803.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9803

reference_id

reference_type

scores

value	0.01546
scoring_system	epss
scoring_elements	0.81435
published_at	2026-04-21T12:55:00Z

value	0.01546
scoring_system	epss
scoring_elements	0.81434
published_at	2026-04-18T12:55:00Z

value	0.01546
scoring_system	epss
scoring_elements	0.81433
published_at	2026-04-16T12:55:00Z

value	0.01546
scoring_system	epss
scoring_elements	0.81397
published_at	2026-04-13T12:55:00Z

value	0.01546
scoring_system	epss
scoring_elements	0.81404
published_at	2026-04-12T12:55:00Z

value	0.01546
scoring_system	epss
scoring_elements	0.81331
published_at	2026-04-01T12:55:00Z

value	0.01546
scoring_system	epss
scoring_elements	0.81416
published_at	2026-04-11T12:55:00Z

value	0.01546
scoring_system	epss
scoring_elements	0.81395
published_at	2026-04-09T12:55:00Z

value	0.01546
scoring_system	epss
scoring_elements	0.81341
published_at	2026-04-02T12:55:00Z

value	0.01546
scoring_system	epss
scoring_elements	0.8139
published_at	2026-04-08T12:55:00Z

value	0.01546
scoring_system	epss
scoring_elements	0.81361
published_at	2026-04-07T12:55:00Z

value	0.01546
scoring_system	epss
scoring_elements	0.81363
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9803

reference_url	https://github.com/apache/lucene-solr/commit/b091934f9e98568b848d0584a1145c8e514cbd21
reference_id
reference_type
scores
url	https://github.com/apache/lucene-solr/commit/b091934f9e98568b848d0584a1145c8e514cbd21

reference_url

https://issues.apache.org/jira/browse/SOLR-11184

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-11184

reference_url

https://lists.apache.org/thread/f4rbt657n9x4kb74k1txhcojof5dzol5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/f4rbt657n9x4kb74k1txhcojof5dzol5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-9803

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-9803

reference_url	http://www.securityfocus.com/bid/100870
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100870

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1493507
reference_id	1493507
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1493507

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.2.0:::::::*
reference_id	cpe:2.3:a:apache:solr:6.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.2.1:::::::*
reference_id	cpe:2.3:a:apache:solr:6.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.3.0:::::::*
reference_id	cpe:2.3:a:apache:solr:6.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.4.0:::::::*
reference_id	cpe:2.3:a:apache:solr:6.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.4.1:::::::*
reference_id	cpe:2.3:a:apache:solr:6.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.4.2:::::::*
reference_id	cpe:2.3:a:apache:solr:6.4.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.4.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.5.0:::::::*
reference_id	cpe:2.3:a:apache:solr:6.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.5.1:::::::*
reference_id	cpe:2.3:a:apache:solr:6.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.6.0:::::::*
reference_id	cpe:2.3:a:apache:solr:6.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:6.6.0:::::::*

reference_url

https://github.com/advisories/GHSA-f553-j2gv-g5r9

reference_id

GHSA-f553-j2gv-g5r9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f553-j2gv-g5r9

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2017-9803, GHSA-f553-j2gv-g5r9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xypj-xu8p-gkbs

url VCID-z2u5-9szx-vyax

vulnerability_id VCID-z2u5-9szx-vyax

summary

Deserialization of Untrusted Data
In Apache Solr versions, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

references

reference_url

http://mail-archives.us.apache.org/mod_mbox/www-announce/201903.mbox/%3CCAECwjAV1buZwg%2BMcV9EAQ19MeAWztPVJYD4zGK8kQdADFYij1w%40mail.gmail.com%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://mail-archives.us.apache.org/mod_mbox/www-announce/201903.mbox/%3CCAECwjAV1buZwg%2BMcV9EAQ19MeAWztPVJYD4zGK8kQdADFYij1w%40mail.gmail.com%3E

reference_url

https://access.redhat.com/errata/RHSA-2019:2413

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:2413

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0192.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0192.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0192

reference_id

reference_type

scores

value	0.93545
scoring_system	epss
scoring_elements	0.99828
published_at	2026-04-09T12:55:00Z

value	0.93545
scoring_system	epss
scoring_elements	0.99829
published_at	2026-04-11T12:55:00Z

value	0.93545
scoring_system	epss
scoring_elements	0.9983
published_at	2026-04-13T12:55:00Z

value	0.93545
scoring_system	epss
scoring_elements	0.99831
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0192

reference_url

https://github.com/advisories/GHSA-xhcq-fv7x-grr2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-xhcq-fv7x-grr2

reference_url

https://lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0ace855f569c6b7a0b03ba68566e53b1a1a519abd536bf38978ce4a@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0ace855f569c6b7a0b03ba68566e53b1a1a519abd536bf38978ce4a@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/b0ace855f569c6b7a0b03ba68566e53b1a1a519abd536bf38978ce4a%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/b0ace855f569c6b7a0b03ba68566e53b1a1a519abd536bf38978ce4a%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_url	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/d0e608c681dfbb16b4da68d99d43fa0ddbd366bb3bcf5bc0d43c56d7@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d0e608c681dfbb16b4da68d99d43fa0ddbd366bb3bcf5bc0d43c56d7@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/d0e608c681dfbb16b4da68d99d43fa0ddbd366bb3bcf5bc0d43c56d7%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/d0e608c681dfbb16b4da68d99d43fa0ddbd366bb3bcf5bc0d43c56d7%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ec9c572fb803b26ba0318777977ee6d6a2fb3a2c50d9b4224e541d5d@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ec9c572fb803b26ba0318777977ee6d6a2fb3a2c50d9b4224e541d5d@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/ec9c572fb803b26ba0318777977ee6d6a2fb3a2c50d9b4224e541d5d%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/ec9c572fb803b26ba0318777977ee6d6a2fb3a2c50d9b4224e541d5d%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20190327-0003

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190327-0003

reference_url	https://security.netapp.com/advisory/ntap-20190327-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190327-0003/

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

http://www.securityfocus.com/bid/107318

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/107318

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1692345
reference_id	1692345
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1692345

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::
reference_id	cpe:2.3:a:apache:solr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*
reference_id	cpe:2.3:a:netapp:storage_automation_store:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0192

reference_id

CVE-2019-0192

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0192

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2019-0192, GHSA-xhcq-fv7x-grr2

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z2u5-9szx-vyax

url VCID-zfk3-8kt1-gbbw

vulnerability_id VCID-zfk3-8kt1-gbbw

summary

Apache Solr  vulnerable to XML Bomb
Solr versions prior to 5.0.0 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it?s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.

references

reference_url

http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12401.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12401.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12401

reference_id

reference_type

scores

value	0.32768
scoring_system	epss
scoring_elements	0.96892
published_at	2026-04-21T12:55:00Z

value	0.32768
scoring_system	epss
scoring_elements	0.96878
published_at	2026-04-13T12:55:00Z

value	0.32768
scoring_system	epss
scoring_elements	0.96876
published_at	2026-04-12T12:55:00Z

value	0.32768
scoring_system	epss
scoring_elements	0.96875
published_at	2026-04-11T12:55:00Z

value	0.32768
scoring_system	epss
scoring_elements	0.96872
published_at	2026-04-09T12:55:00Z

value	0.32768
scoring_system	epss
scoring_elements	0.96871
published_at	2026-04-08T12:55:00Z

value	0.32768
scoring_system	epss
scoring_elements	0.96862
published_at	2026-04-07T12:55:00Z

value	0.32768
scoring_system	epss
scoring_elements	0.96858
published_at	2026-04-04T12:55:00Z

value	0.32768
scoring_system	epss
scoring_elements	0.96855
published_at	2026-04-02T12:55:00Z

value	0.32768
scoring_system	epss
scoring_elements	0.96848
published_at	2026-04-01T12:55:00Z

value	0.32768
scoring_system	epss
scoring_elements	0.96889
published_at	2026-04-18T12:55:00Z

value	0.32768
scoring_system	epss
scoring_elements	0.96885
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12401

reference_url

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr

reference_url

https://issues.apache.org/jira/browse/SOLR-13750

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-13750

reference_url

https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/0ec231c5ed8d242890e21806d25fdd47f80cc47cac278d2fc1c9c579%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b@%3Cannounce.apache.org%3E

reference_url	https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b%40%3Cannounce.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b%40%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a@%3Csolr-user.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a%40%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a%40%3Csolr-user.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2@%3Cgeneral.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2@%3Cgeneral.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2%40%3Cgeneral.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2%40%3Cgeneral.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe%40%3Cdev.lucene.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12401

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12401

reference_url

https://security.netapp.com/advisory/ntap-20190926-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190926-0002

reference_url	https://security.netapp.com/advisory/ntap-20190926-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190926-0002/

reference_url

http://www.openwall.com/lists/oss-security/2019/09/10/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/09/10/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1789513
reference_id	1789513
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1789513

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::
reference_id	cpe:2.3:a:apache:solr::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr::::::::

reference_url

https://github.com/advisories/GHSA-jq2w-w7v2-69q5

reference_id

GHSA-jq2w-w7v2-69q5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jq2w-w7v2-69q5

fixed_packages

url	pkg:deb/debian/lucene-solr@0?distro=trixie
purl	pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie

url	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie

aliases CVE-2019-12401, GHSA-jq2w-w7v2-69q5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zfk3-8kt1-gbbw

url VCID-zrn1-s7ht-pbdt

vulnerability_id VCID-zrn1-s7ht-pbdt

summary

Improper permission handling in Apache Solr
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29262.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29262.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-29262

reference_id

reference_type

scores

value	0.26231
scoring_system	epss
scoring_elements	0.96314
published_at	2026-04-21T12:55:00Z

value	0.26231
scoring_system	epss
scoring_elements	0.96259
published_at	2026-04-01T12:55:00Z

value	0.26231
scoring_system	epss
scoring_elements	0.96308
published_at	2026-04-16T12:55:00Z

value	0.26231
scoring_system	epss
scoring_elements	0.96299
published_at	2026-04-13T12:55:00Z

value	0.26231
scoring_system	epss
scoring_elements	0.96295
published_at	2026-04-12T12:55:00Z

value	0.26231
scoring_system	epss
scoring_elements	0.96296
published_at	2026-04-11T12:55:00Z

value	0.26231
scoring_system	epss
scoring_elements	0.96291
published_at	2026-04-09T12:55:00Z

value	0.26231
scoring_system	epss
scoring_elements	0.96288
published_at	2026-04-08T12:55:00Z

value	0.26231
scoring_system	epss
scoring_elements	0.96279
published_at	2026-04-07T12:55:00Z

value	0.26231
scoring_system	epss
scoring_elements	0.96274
published_at	2026-04-04T12:55:00Z

value	0.26231
scoring_system	epss
scoring_elements	0.96267
published_at	2026-04-02T12:55:00Z

value	0.26231
scoring_system	epss
scoring_elements	0.96312
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-29262

reference_url

https://issues.apache.org/jira/browse/SOLR-15249

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SOLR-15249

reference_url

https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79@%3Coak-issues.jackrabbit.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79@%3Coak-issues.jackrabbit.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1e92a2eff6c47a65c4a6e95e809a9707181de76f8062403a0bea1012@%3Coak-issues.jackrabbit.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1e92a2eff6c47a65c4a6e95e809a9707181de76f8062403a0bea1012@%3Coak-issues.jackrabbit.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r51b29ff62060b67bc9999ded5e252b36b09311fe5a02d27f6de3e4d3@%3Coak-issues.jackrabbit.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r51b29ff62060b67bc9999ded5e252b36b09311fe5a02d27f6de3e4d3@%3Coak-issues.jackrabbit.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r536da4c4e4e406f7843461cc754a3d0a3fe575aa576e2b71a9cd57d0%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r536da4c4e4e406f7843461cc754a3d0a3fe575aa576e2b71a9cd57d0%40%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7151081abab92a827a607205c4260b0a3d22280b52d15bc909177608@%3Coak-issues.jackrabbit.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7151081abab92a827a607205c4260b0a3d22280b52d15bc909177608@%3Coak-issues.jackrabbit.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8d35eeb9a470d2682b5bcf3be0b8942faa7e28f9ca5861c058d17fff@%3Coak-issues.jackrabbit.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8d35eeb9a470d2682b5bcf3be0b8942faa7e28f9ca5861c058d17fff@%3Coak-issues.jackrabbit.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9c4ce6903218c92ef2583070e64af5a69e483821c4b3016dc41e3c6f@%3Coak-issues.jackrabbit.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9c4ce6903218c92ef2583070e64af5a69e483821c4b3016dc41e3c6f@%3Coak-issues.jackrabbit.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb6db683903174eaa44ec80cc118a38574319b0d4181f36b61ee6278f@%3Cdev.jackrabbit.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb6db683903174eaa44ec80cc118a38574319b0d4181f36b61ee6278f@%3Cdev.jackrabbit.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rbc680cbfd745f22d182158217428a296e8e398cde16f3f428fe4bddc@%3Coak-issues.jackrabbit.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rbc680cbfd745f22d182158217428a296e8e398cde16f3f428fe4bddc@%3Coak-issues.jackrabbit.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd85f87e559ee27e9c69795e3ad93a77621895e0328ea3df41d711d72@%3Coak-commits.jackrabbit.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd85f87e559ee27e9c69795e3ad93a77621895e0328ea3df41d711d72@%3Coak-commits.jackrabbit.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ref84e60192f4bdc3206b247f260513e8d4e71f3e200792f75386d07a@%3Cdev.jackrabbit.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ref84e60192f4bdc3206b247f260513e8d4e71f3e200792f75386d07a@%3Cdev.jackrabbit.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-29262

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-29262

reference_url

https://security.netapp.com/advisory/ntap-20210604-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210604-0009

reference_url	https://security.netapp.com/advisory/ntap-20210604-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210604-0009/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1949520
reference_id	1949520
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1949520

reference_url

reference_id

AVG-1808

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url