VulnerableCode Package Details - pkg:alpm/archlinux/solr@8.8.1-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-3vmh-e7x6-3kf6 Aliases: CVE-2021-29943 GHSA-vf7p-j8x6-xvwp	Incorrect Authorization in Apache Solr When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.	8.8.2-1 Affected by 0 other vulnerabilities.
VCID-ftx3-494m-hbee Aliases: CVE-2021-27905 GHSA-5phw-3jrp-3vj8	Server-Side Request Forgery in Apache Solr The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.	8.8.2-1 Affected by 0 other vulnerabilities.
VCID-zrn1-s7ht-pbdt Aliases: CVE-2021-29262 GHSA-jgcr-fg3g-qvw8	Improper permission handling in Apache Solr When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.	8.8.2-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3vmh-e7x6-3kf6
Aliases:
CVE-2021-29943
GHSA-vf7p-j8x6-xvwp

Incorrect Authorization in Apache Solr When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

8.8.2-1
Affected by 0 other vulnerabilities.

VCID-ftx3-494m-hbee
Aliases:
CVE-2021-27905
GHSA-5phw-3jrp-3vj8

Server-Side Request Forgery in Apache Solr The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

8.8.2-1
Affected by 0 other vulnerabilities.

VCID-zrn1-s7ht-pbdt
Aliases:
CVE-2021-29262
GHSA-jgcr-fg3g-qvw8

Improper permission handling in Apache Solr When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.

8.8.2-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:47.379014+00:00	Arch Linux Importer	Affected by	VCID-ftx3-494m-hbee	https://security.archlinux.org/AVG-1808	38.0.0
2026-04-01T18:26:47.356519+00:00	Arch Linux Importer	Affected by	VCID-zrn1-s7ht-pbdt	https://security.archlinux.org/AVG-1808	38.0.0
2026-04-01T18:26:47.334322+00:00	Arch Linux Importer	Affected by	VCID-3vmh-e7x6-3kf6	https://security.archlinux.org/AVG-1808	38.0.0