VulnerableCode Package Details - pkg:maven/org.apache.solr/solr-velocity@4.0.0-BETA

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.solr/solr-velocity@4.0.0-BETA

purl	pkg:maven/org.apache.solr/solr-velocity@4.0.0-BETA

Next non-vulnerable version	4.6.0
Latest non-vulnerable version	4.6.0
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-wke8-9ysk-akc2 Aliases: CVE-2013-6397 GHSA-j8qw-mwmv-28cg	Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.	4.6.0 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:31:00.265580+00:00	GitLab Importer	Affected by	VCID-wke8-9ysk-akc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-velocity/CVE-2013-6397.yml	38.4.0
2026-04-11T21:41:24.388158+00:00	GitLab Importer	Affected by	VCID-wke8-9ysk-akc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-velocity/CVE-2013-6397.yml	38.3.0
2026-04-02T21:55:34.988561+00:00	GitLab Importer	Affected by	VCID-wke8-9ysk-akc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-velocity/CVE-2013-6397.yml	38.1.0
2026-04-01T16:12:47.689637+00:00	GitLab Importer	Affected by	VCID-wke8-9ysk-akc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-velocity/CVE-2013-6397.yml	38.0.0