Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-1m9m-xudm-47hw
Summary
Unrestricted upload of file with dangerous type in Apache Solr
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.
Aliases
0
alias CVE-2019-12409
1
alias GHSA-2289-pqfq-6wx7
Fixed_packages
0
url pkg:deb/debian/lucene-solr@0?distro=trixie
purl pkg:deb/debian/lucene-solr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@0%3Fdistro=trixie
1
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24%3Fdistro=trixie
2
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-26?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-26%3Fdistro=trixie
3
url pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-27?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-27%3Fdistro=trixie
4
url pkg:maven/org.apache.solr/solr-core@8.3.0
purl pkg:maven/org.apache.solr/solr-core@8.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3gq7-8e2z-yqcv
1
vulnerability VCID-3vmh-e7x6-3kf6
2
vulnerability VCID-4dgs-1mk2-5ubr
3
vulnerability VCID-5781-s1ny-q7ey
4
vulnerability VCID-835p-mav1-1qem
5
vulnerability VCID-a4yf-9j54-e3cp
6
vulnerability VCID-ftx3-494m-hbee
7
vulnerability VCID-hpys-9ncu-3bgv
8
vulnerability VCID-jc41-ky5q-tkhv
9
vulnerability VCID-t4p6-84y8-kbbu
10
vulnerability VCID-uaxq-nmwp-5uct
11
vulnerability VCID-v5ka-6bd4-33ft
12
vulnerability VCID-zrn1-s7ht-pbdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@8.3.0
Affected_packages
0
url pkg:maven/org.apache.solr/solr-core@8.1.1
purl pkg:maven/org.apache.solr/solr-core@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1m9m-xudm-47hw
1
vulnerability VCID-3gq7-8e2z-yqcv
2
vulnerability VCID-3vmh-e7x6-3kf6
3
vulnerability VCID-4dgs-1mk2-5ubr
4
vulnerability VCID-5781-s1ny-q7ey
5
vulnerability VCID-835p-mav1-1qem
6
vulnerability VCID-a4yf-9j54-e3cp
7
vulnerability VCID-ftx3-494m-hbee
8
vulnerability VCID-hpys-9ncu-3bgv
9
vulnerability VCID-jc41-ky5q-tkhv
10
vulnerability VCID-t4p6-84y8-kbbu
11
vulnerability VCID-tt7h-4geu-5bc9
12
vulnerability VCID-uaxq-nmwp-5uct
13
vulnerability VCID-v5ka-6bd4-33ft
14
vulnerability VCID-zrn1-s7ht-pbdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@8.1.1
1
url pkg:maven/org.apache.solr/solr-core@8.2.0
purl pkg:maven/org.apache.solr/solr-core@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1m9m-xudm-47hw
1
vulnerability VCID-3gq7-8e2z-yqcv
2
vulnerability VCID-3vmh-e7x6-3kf6
3
vulnerability VCID-4dgs-1mk2-5ubr
4
vulnerability VCID-5781-s1ny-q7ey
5
vulnerability VCID-835p-mav1-1qem
6
vulnerability VCID-a4yf-9j54-e3cp
7
vulnerability VCID-ftx3-494m-hbee
8
vulnerability VCID-hpys-9ncu-3bgv
9
vulnerability VCID-jc41-ky5q-tkhv
10
vulnerability VCID-t4p6-84y8-kbbu
11
vulnerability VCID-uaxq-nmwp-5uct
12
vulnerability VCID-v5ka-6bd4-33ft
13
vulnerability VCID-zrn1-s7ht-pbdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.solr/solr-core@8.2.0
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12409.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12409.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12409
reference_id
reference_type
scores
0
value 0.8277
scoring_system epss
scoring_elements 0.99248
published_at 2026-04-24T12:55:00Z
1
value 0.8277
scoring_system epss
scoring_elements 0.99235
published_at 2026-04-02T12:55:00Z
2
value 0.8277
scoring_system epss
scoring_elements 0.99245
published_at 2026-04-21T12:55:00Z
3
value 0.8277
scoring_system epss
scoring_elements 0.99244
published_at 2026-04-16T12:55:00Z
4
value 0.8277
scoring_system epss
scoring_elements 0.99243
published_at 2026-04-13T12:55:00Z
5
value 0.8277
scoring_system epss
scoring_elements 0.99242
published_at 2026-04-08T12:55:00Z
6
value 0.8277
scoring_system epss
scoring_elements 0.99237
published_at 2026-04-04T12:55:00Z
7
value 0.8277
scoring_system epss
scoring_elements 0.99233
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12409
2
reference_url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr
3
reference_url https://github.com/github/advisory-review/pull/12462
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-review/pull/12462
4
reference_url https://issues.apache.org/jira/browse/SOLR-13647
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SOLR-13647
5
reference_url https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2@%3Cannounce.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2%40%3Cannounce.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2%40%3Cannounce.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@%3Csolr-user.lucene.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d%40%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d%40%3Csolr-user.lucene.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87@%3Cissues.lucene.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87%40%3Cissues.lucene.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be@%3Cgeneral.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be@%3Cgeneral.lucene.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be%40%3Cgeneral.lucene.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be%40%3Cgeneral.lucene.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541@%3Cissues.lucene.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541%40%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541%40%3Cissues.lucene.apache.org%3E
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12409
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12409
16
reference_url https://support.f5.com/csp/article/K23720587?utm_source=f5support&amp%3Butm_medium=RSS
reference_id
reference_type
scores
url https://support.f5.com/csp/article/K23720587?utm_source=f5support&amp%3Butm_medium=RSS
17
reference_url https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1774734
reference_id 1774734
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1774734
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:8.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:solr:8.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:8.1.1:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:8.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:solr:8.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:8.2.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
reference_id cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
22
reference_url https://github.com/advisories/GHSA-2289-pqfq-6wx7
reference_id GHSA-2289-pqfq-6wx7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2289-pqfq-6wx7
Weaknesses
0
cwe_id 434
name Unrestricted Upload of File with Dangerous Type
description The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
1
cwe_id 306
name Missing Authentication for Critical Function
description The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score7.5 - 10.0
Exploitability2.0
Weighted_severity9.0
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-1m9m-xudm-47hw