VulnerableCode Package Details - pkg:alpm/archlinux/solr@8.8.2-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3vmh-e7x6-3kf6	Incorrect Authorization in Apache Solr When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.	CVE-2021-29943 GHSA-vf7p-j8x6-xvwp
VCID-ftx3-494m-hbee	Server-Side Request Forgery in Apache Solr The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.	CVE-2021-27905 GHSA-5phw-3jrp-3vj8
VCID-zrn1-s7ht-pbdt	Improper permission handling in Apache Solr When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.	CVE-2021-29262 GHSA-jgcr-fg3g-qvw8

Vulnerability

Summary

Aliases

VCID-3vmh-e7x6-3kf6

Incorrect Authorization in Apache Solr When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

CVE-2021-29943
GHSA-vf7p-j8x6-xvwp

VCID-ftx3-494m-hbee

Server-Side Request Forgery in Apache Solr The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

CVE-2021-27905
GHSA-5phw-3jrp-3vj8

VCID-zrn1-s7ht-pbdt

Improper permission handling in Apache Solr When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.

CVE-2021-29262
GHSA-jgcr-fg3g-qvw8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:47.382856+00:00	Arch Linux Importer	Fixing	VCID-ftx3-494m-hbee	https://security.archlinux.org/AVG-1808	38.0.0
2026-04-01T18:26:47.360381+00:00	Arch Linux Importer	Fixing	VCID-zrn1-s7ht-pbdt	https://security.archlinux.org/AVG-1808	38.0.0
2026-04-01T18:26:47.339033+00:00	Arch Linux Importer	Fixing	VCID-3vmh-e7x6-3kf6	https://security.archlinux.org/AVG-1808	38.0.0