Search for packages
| purl | pkg:maven/org.apache.solr/solr-core@5.2.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3vmh-e7x6-3kf6
Aliases: CVE-2021-29943 GHSA-vf7p-j8x6-xvwp |
Incorrect Authorization in Apache Solr When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. |
Affected by 9 other vulnerabilities. |
|
VCID-4dgs-1mk2-5ubr
Aliases: CVE-2020-13941 GHSA-2467-h365-j7hm |
Improper Input Validation Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. |
Affected by 14 other vulnerabilities. |
|
VCID-5781-s1ny-q7ey
Aliases: CVE-2023-44487 GHSA-2m7v-gc89-fjqf GHSA-qppj-fm5r-hxr3 GHSA-vx74-f528-fxqg GHSA-xpw8-rcwv-8f8p GMS-2023-3377 VSV00013 |
Affected by 6 other vulnerabilities. |
|
|
VCID-a4yf-9j54-e3cp
Aliases: CVE-2021-44548 GHSA-pccr-q7v9-5f27 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr This issue only affects Windows. |
Affected by 9 other vulnerabilities. |
|
VCID-f12j-fvhp-quec
Aliases: CVE-2017-3164 GHSA-vrh8-27q8-fr8f |
Server-Side Request Forgery (SSRF) There is a Server Side Request Forgery in Apache Solr. Because the `shards` parameter does not have a corresponding allowlist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. |
Affected by 14 other vulnerabilities. |
|
VCID-ftx3-494m-hbee
Aliases: CVE-2021-27905 GHSA-5phw-3jrp-3vj8 |
Server-Side Request Forgery in Apache Solr The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2. |
Affected by 9 other vulnerabilities. |
|
VCID-h9gm-dpgv-2yeh
Aliases: CVE-2018-1308 GHSA-3pph-2595-cgfh |
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. |
Affected by 18 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-ke61-vddr-4udk
Aliases: CVE-2017-3163 GHSA-387v-84cv-9qmc |
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access. |
Affected by 15 other vulnerabilities. Affected by 20 other vulnerabilities. |
|
VCID-tt7h-4geu-5bc9
Aliases: CVE-2019-0193 GHSA-3gm7-v7vw-866c |
XML External Entity (XXE) Injection in Apache Solr In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. |
Affected by 14 other vulnerabilities. |
|
VCID-v5ka-6bd4-33ft
Aliases: CVE-2025-24814 GHSA-68r2-fwcg-qpm8 |
Apache Solr vulnerable to Execution with Unnecessary Privileges Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService"). Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "<lib>" tags by default. |
Affected by 2 other vulnerabilities. |
|
VCID-vvt2-qyef-3fa6
Aliases: CVE-2015-8797 GHSA-v6gf-x8fp-532v |
Improper Neutralization of Input During Web Page Generation in Apache Solr Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI. |
Affected by 15 other vulnerabilities. |
|
VCID-xypj-xu8p-gkbs
Aliases: CVE-2017-9803 GHSA-f553-j2gv-g5r9 |
Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Apache Solr 6.6.1 onwards. |
Affected by 20 other vulnerabilities. |
|
VCID-z2u5-9szx-vyax
Aliases: CVE-2019-0192 GHSA-xhcq-fv7x-grr2 |
Deserialization of Untrusted Data In Apache Solr versions, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. |
Affected by 22 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-zrn1-s7ht-pbdt
Aliases: CVE-2021-29262 GHSA-jgcr-fg3g-qvw8 |
Improper permission handling in Apache Solr When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs. |
Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||