Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-2?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-3f1v-ypty-mygx The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407. CVE-2012-6612
GHSA-6cpj-3g83-q2j4
VCID-5tq3-rye7-nygg The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. CVE-2013-6407
GHSA-998j-j6v9-5846
VCID-rym5-bjyc-nybu The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407. CVE-2013-6408
GHSA-45w3-2hvv-pfxq
VCID-wke8-9ysk-akc2 Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. CVE-2013-6397
GHSA-j8qw-mwmv-28cg

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T11:49:04.130888+00:00 Debian Importer Fixing VCID-wke8-9ysk-akc2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:35:19.271110+00:00 Debian Importer Fixing VCID-rym5-bjyc-nybu https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:15:38.022933+00:00 Debian Importer Fixing VCID-5tq3-rye7-nygg https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:53:10.394294+00:00 Debian Importer Fixing VCID-3f1v-ypty-mygx https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:03:47.460481+00:00 Debian Importer Fixing VCID-wke8-9ysk-akc2 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:54:03.652039+00:00 Debian Importer Fixing VCID-rym5-bjyc-nybu https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:54:06.022823+00:00 Debian Importer Fixing VCID-5tq3-rye7-nygg https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:36:47.022068+00:00 Debian Importer Fixing VCID-3f1v-ypty-mygx https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:45:22.695096+00:00 Debian Importer Fixing VCID-rym5-bjyc-nybu https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:45:22.654832+00:00 Debian Importer Fixing VCID-5tq3-rye7-nygg https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:45:22.615140+00:00 Debian Importer Fixing VCID-wke8-9ysk-akc2 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:45:22.573207+00:00 Debian Importer Fixing VCID-3f1v-ypty-mygx https://security-tracker.debian.org/tracker/data/json 38.1.0