Search for packages
| purl | pkg:maven/org.apache.solr/solr-parent@4.2.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3vmh-e7x6-3kf6
Aliases: CVE-2021-29943 GHSA-vf7p-j8x6-xvwp |
Incorrect Authorization in Apache Solr When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. |
Affected by 1 other vulnerability. |
|
VCID-4dgs-1mk2-5ubr
Aliases: CVE-2020-13941 GHSA-2467-h365-j7hm |
Improper Input Validation Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. |
Affected by 4 other vulnerabilities. |
|
VCID-a4yf-9j54-e3cp
Aliases: CVE-2021-44548 GHSA-pccr-q7v9-5f27 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr This issue only affects Windows. |
Affected by 0 other vulnerabilities. |
|
VCID-ftx3-494m-hbee
Aliases: CVE-2021-27905 GHSA-5phw-3jrp-3vj8 |
Server-Side Request Forgery in Apache Solr The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||