VulnerableCode Package Details - pkg:maven/org.apache.solr/solr-parent@8.8.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-a4yf-9j54-e3cp Aliases: CVE-2021-44548 GHSA-pccr-q7v9-5f27	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr This issue only affects Windows.	8.11.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-a4yf-9j54-e3cp
Aliases:
CVE-2021-44548
GHSA-pccr-q7v9-5f27

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr This issue only affects Windows.

8.11.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3vmh-e7x6-3kf6	Incorrect Authorization in Apache Solr When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.	CVE-2021-29943 GHSA-vf7p-j8x6-xvwp
VCID-ftx3-494m-hbee	Server-Side Request Forgery in Apache Solr The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.	CVE-2021-27905 GHSA-5phw-3jrp-3vj8

Vulnerability

Summary

Aliases

VCID-3vmh-e7x6-3kf6

Incorrect Authorization in Apache Solr When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

CVE-2021-29943
GHSA-vf7p-j8x6-xvwp

VCID-ftx3-494m-hbee

Server-Side Request Forgery in Apache Solr The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

CVE-2021-27905
GHSA-5phw-3jrp-3vj8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:37:05.815192+00:00	GitLab Importer	Affected by	VCID-a4yf-9j54-e3cp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-parent/CVE-2021-44548.yml	38.4.0
2026-04-16T21:22:41.509251+00:00	GitLab Importer	Fixing	VCID-ftx3-494m-hbee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-parent/CVE-2021-27905.yml	38.4.0
2026-04-16T21:22:32.778587+00:00	GitLab Importer	Fixing	VCID-3vmh-e7x6-3kf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-parent/CVE-2021-29943.yml	38.4.0
2026-04-11T22:51:03.708543+00:00	GitLab Importer	Affected by	VCID-a4yf-9j54-e3cp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-parent/CVE-2021-44548.yml	38.3.0
2026-04-11T22:35:18.326544+00:00	GitLab Importer	Fixing	VCID-ftx3-494m-hbee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-parent/CVE-2021-27905.yml	38.3.0
2026-04-11T22:35:08.046194+00:00	GitLab Importer	Fixing	VCID-3vmh-e7x6-3kf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-parent/CVE-2021-29943.yml	38.3.0
2026-04-02T23:00:28.632397+00:00	GitLab Importer	Affected by	VCID-a4yf-9j54-e3cp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-parent/CVE-2021-44548.yml	38.1.0
2026-04-02T22:46:23.646028+00:00	GitLab Importer	Fixing	VCID-ftx3-494m-hbee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-parent/CVE-2021-27905.yml	38.1.0
2026-04-02T22:46:14.219805+00:00	GitLab Importer	Fixing	VCID-3vmh-e7x6-3kf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-parent/CVE-2021-29943.yml	38.1.0
2026-04-02T16:56:38.530896+00:00	GHSA Importer	Fixing	VCID-ftx3-494m-hbee	https://github.com/advisories/GHSA-5phw-3jrp-3vj8	38.1.0
2026-04-02T16:56:38.496583+00:00	GHSA Importer	Fixing	VCID-3vmh-e7x6-3kf6	https://github.com/advisories/GHSA-vf7p-j8x6-xvwp	38.1.0
2026-04-01T17:19:14.226190+00:00	GitLab Importer	Affected by	VCID-a4yf-9j54-e3cp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-parent/CVE-2021-44548.yml	38.0.0
2026-04-01T17:04:17.397907+00:00	GitLab Importer	Fixing	VCID-ftx3-494m-hbee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-parent/CVE-2021-27905.yml	38.0.0
2026-04-01T17:04:05.318810+00:00	GitLab Importer	Fixing	VCID-3vmh-e7x6-3kf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-parent/CVE-2021-29943.yml	38.0.0
2026-04-01T13:03:06.430601+00:00	GithubOSV Importer	Fixing	VCID-ftx3-494m-hbee	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-5phw-3jrp-3vj8/GHSA-5phw-3jrp-3vj8.json	38.0.0
2026-04-01T13:02:59.169520+00:00	GithubOSV Importer	Fixing	VCID-3vmh-e7x6-3kf6	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-vf7p-j8x6-xvwp/GHSA-vf7p-j8x6-xvwp.json	38.0.0