Package details: pkg:maven/org.apache.solr/solr-core@6.6
purl pkg:maven/org.apache.solr/solr-core@6.6
Tags Ghost
Next non-vulnerable version 9.10.1
Latest non-vulnerable version 9.10.1
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-uaxq-nmwp-5uct
Aliases:
CVE-2024-52012
GHSA-4p5m-gvpf-f3x5
Apache Solr Relative Path Traversal vulnerability
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.
9.8.0
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-04-07T04:56:53.199626+00:00 | GHSA Importer | Affected by | VCID-uaxq-nmwp-5uct | https://github.com/advisories/GHSA-4p5m-gvpf-f3x5 | 38.1.0
2026-04-02T12:40:44.199252+00:00 | GitLab Importer | Affected by | VCID-uaxq-nmwp-5uct | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2024-52012.yml | 38.0.0