{"url":"http://public2.vulnerablecode.io/api/packages/1036056?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-5%2Bdeb8u2","type":"deb","namespace":"debian","name":"lucene-solr","version":"3.6.2+dfsg-5+deb8u2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.6.2+dfsg-24","latest_non_vulnerable_version":"3.6.2+dfsg-24","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12854?format=json","vulnerability_id":"VCID-4dgs-1mk2-5ubr","summary":"Improper Input Validation\nReported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13941.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13941.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13941","reference_id":"","reference_type":"","scores":[{"value":"0.02244","scoring_system":"epss","scoring_elements":"0.84628","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86054","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.8607","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.861","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86114","published_at":"2026-04-11T12:55:00Z"},{"valu
e":"0.02798","scoring_system":"epss","scoring_elements":"0.86112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86107","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86124","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86129","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86123","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86143","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86153","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02798","scoring_system":"epss","scoring_elements":"0.86043","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13941"},{"reference_url":"https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbcd9dff009ed19ffcc2b09784595fc1098fc802a5472f81795f893be@%3Ccommits.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_sy
stem":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbcd9dff009ed19ffcc2b09784595fc1098fc802a5472f81795f893be@%3Ccommits.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf54e7912b7d2b72c63ec54a7afa4adcbf16268dcc63253767dd67d60%40%3Cgeneral.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf54e7912b7d2b72c63ec54a7afa4adcbf16268dcc63253767dd67d60%40%3Cgeneral.lucene.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869167","reference_id":"1869167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869167"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13941","reference_id":"CVE-2020-13941","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13941"},{"reference_url":"https://github.com/advisories/GHSA-2467-h365-j7hm","reference_id":"GHSA-2467-h365-j7hm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements
":""}],"url":"https://github.com/advisories/GHSA-2467-h365-j7hm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049529?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24"}],"aliases":["CVE-2020-13941","GHSA-2467-h365-j7hm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4dgs-1mk2-5ubr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48170?format=json","vulnerability_id":"VCID-ftx3-494m-hbee","summary":"Server-Side Request Forgery in Apache Solr\nThe ReplicationHandler (normally registered at \"/replication\" under a Solr core) in Apache Solr has a \"masterUrl\" (also \"leaderUrl\" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the \"shards\" parameter. Prior to this bug getting fixed, it did not. 
This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27905.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27905.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27905","reference_id":"","reference_type":"","scores":[{"value":"0.93901","scoring_system":"epss","scoring_elements":"0.99878","published_at":"2026-04-29T12:55:00Z"},{"value":"0.93901","scoring_system":"epss","scoring_elements":"0.99873","published_at":"2026-04-01T12:55:00Z"},{"value":"0.93901","scoring_system":"epss","scoring_elements":"0.99877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.93901","scoring_system":"epss","scoring_elements":"0.99876","published_at":"2026-04-24T12:55:00Z"},{"value":"0.93901","scoring_system":"epss","scoring_elements":"0.99875","published_at":"2026-04-07T12:55:00Z"},{"value":"0.93901","scoring_system":"epss","scoring_elements":"0.99874","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27905"},{"reference_url":"https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E"},{"ref
erence_url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6ccec7fc54d82591b23c143f1f6a6e38f6e03e75db70870e4cb14a1a@%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6ccec7fc54d82591b23c143f1f6a6e38f6e03e75db70870e4cb14a1a@%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r720a4a0497fc90bad5feec8aa18b777912ee15c7eeb5f882adbf523e@%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r720a4a0497fc90bad5feec8aa18b777912ee15c7eeb5f882adbf523
e@%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r78a3a4f1138a1608b0c6d4a2ee7647848c1a20b0d5c652cd9b02c25a@%3Ccommits.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r78a3a4f1138a1608b0c6d4a2ee7647848c1a20b0d5c652cd9b02c25a@%3Ccommits.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8f1152a43c36d878bbeb5a92f261e9efaf3af313b033d7acfccea59d@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8f1152a43c36d878bbeb5a92f261e9efaf3af313b033d7acfccea59d@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rae9ccaecce9859f709ed1458545d90a4c07163070dc98b5e9e59057f@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thre
ad.html/rae9ccaecce9859f709ed1458545d90a4c07163070dc98b5e9e59057f@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd232d77c57a8ce172359ab098df9512d8b37373ab87c444be911b430@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd232d77c57a8ce172359ab098df9512d8b37373ab87c444be911b430@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re9d64bb8e5dfefddcbf255adb4559e13a0df5b818da1b9b51329723f@%3Cnotifications.ofbiz.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re9d64bb8e5dfefddcbf255adb4559e13a0df5b818da1b9b51329723f@%3Cnotifications.ofbiz.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27905","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27905"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210611-0009","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210611-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210611-0009/","reference_id":"","reference_type":"","
scores":[],"url":"https://security.netapp.com/advisory/ntap-20210611-0009/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949516","reference_id":"1949516","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949516"},{"reference_url":"https://security.archlinux.org/AVG-1808","reference_id":"AVG-1808","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1808"},{"reference_url":"https://github.com/advisories/GHSA-5phw-3jrp-3vj8","reference_id":"GHSA-5phw-3jrp-3vj8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5phw-3jrp-3vj8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049529?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24"}],"aliases":["CVE-2021-27905","GHSA-5phw-3jrp-3vj8"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftx3-494m-hbee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4755?format=json","vulnerability_id":"VCID-h9gm-dpgv-2yeh","summary":"This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. 
It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1308.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1308.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1308","reference_id":"","reference_type":"","scores":[{"value":"0.0434","scoring_system":"epss","scoring_elements":"0.88965","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90477","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90512","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90513","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.905","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90501","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90484","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.9049","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90483","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90443","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90447","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90459","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.9046
5","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1308"},{"reference_url":"https://github.com/advisories/GHSA-3pph-2595-cgfh","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3pph-2595-cgfh"},{"reference_url":"https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f"},{"reference_url":"https://github.com/apache/lucene-solr/commit/3530397f1777332872eac2760f9aa0e2ae1d7450","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/3530397f1777332872eac2760f9aa0e2ae1d7450"},{"reference_url":"https://github.com/apache/lucene-solr/commit/739a7933","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/739a7933"},{"reference_url":"https://github.com/apache/lucene-solr/commit/739a79338856599084617d44b6a1b424af059aa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/739a7933
8856599084617d44b6a1b424af059aa"},{"reference_url":"https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee6"},{"reference_url":"https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee63","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee63"},{"reference_url":"https://issues.apache.org/jira/browse/SOLR-11971","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/SOLR-11971"},{"reference_url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html"},{"reference_ur
l":"https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1308","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1308"},{"reference_url":"https://www.debian.org/security/2018/dsa-4194","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4194"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1564959","reference_id":"1564959","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1564959"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896604","reference_id":"896604","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896604"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037117?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-10%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-h9gm-dpgv-2yeh"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"v
ulnerability":"VCID-ke61-vddr-4udk"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-rys3-pnnk-a7e4"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-10%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1049528?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-20%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-20%252Bdeb10u2"}],"aliases":["CVE-2018-1308","GHSA-3pph-2595-cgfh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9gm-dpgv-2yeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15528?format=json","vulnerability_id":"VCID-hpys-9ncu-3bgv","summary":"Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets\nImproper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.\n\nIn the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.\nWhen backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups).\nIf the backup was saved to a directory 
that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted.\n\nWhen Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries.\nUsers are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.\nIn these versions, the following protections have been added:\n\n  *  Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.\n  *  The Backup API no longer allows backups to be saved to directories that are used in the ClassLoader.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50386.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50386.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50386","reference_id":"","reference_type":"","scores":[{"value":"0.84724","scoring_system":"epss","scoring_elements":"0.99344","published_at":"2026-04-29T12:55:00Z"},{"value":"0.84724","scoring_system":"epss","scoring_elements":"0.99336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.84724","scoring_system":"epss","scoring_elements":"0.99345","published_at":"2026-04-26T12:55:00Z"},{"value":"0.84724","scoring_system":"epss","scoring_elements":"0.99343","published_at":"2026-04-21T12:55:00Z"},{"value":"0.84724","scoring_system":"epss","scoring_elements":"0.9934","published_at":"2026-04-13T12:55:00Z"},{"value":"0.84724","scoring_system":"epss","scoring_elements":"0.99339","published_at":"2026-04-11T12:55:00Z"},{"value":"0.84724","scoring_system":"epss","scoring_elements":"0.99333","published_at":"2026-04-02T12:55:00Z"},{"value":"0.84724","scoring_system":"epss","scoring_elements":"0.99338",
"published_at":"2026-04-09T12:55:00Z"},{"value":"0.84724","scoring_system":"epss","scoring_elements":"0.99337","published_at":"2026-04-08T12:55:00Z"},{"value":"0.84724","scoring_system":"epss","scoring_elements":"0.99335","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50386"},{"reference_url":"https://github.com/apache/lucene-solr/commit/6c8f24eb9e3fe1cb19058173f2e221de3febfeda","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/6c8f24eb9e3fe1cb19058173f2e221de3febfeda"},{"reference_url":"https://github.com/apache/lucene-solr/commit/7e9a2e67f812032a049836c3aa0b18bf5cd717f9","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/7e9a2e67f812032a049836c3aa0b18bf5cd717f9"},{"reference_url":"https://github.com/apache/solr/commit/644dd3a6d6780d71030f7070754d2f3adce22859","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/solr/commit/644dd3a6d6780d71030f7070754d2f3adce22859"},{"reference_url":"https://github.com/apache/solr/commit/c79011e81dada2f9bc4b4df32ffb32152ef81152","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1"
,"scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/solr/commit/c79011e81dada2f9bc4b4df32ffb32152ef81152"},{"reference_url":"https://issues.apache.org/jira/browse/SOLR-16949","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/SOLR-16949"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50386","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50386"},{"reference_url":"https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-30T04:00:07Z/"}],"url":"https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/09/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N
/T:T/P:M/B:A/M:M/D:R/2024-04-30T04:00:07Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/09/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263585","reference_id":"2263585","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263585"},{"reference_url":"https://github.com/advisories/GHSA-37vr-vmg4-jwpw","reference_id":"GHSA-37vr-vmg4-jwpw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-37vr-vmg4-jwpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049529?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24"}],"aliases":["CVE-2023-50386","GHSA-37vr-vmg4-jwpw"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpys-9ncu-3bgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15658?format=json","vulnerability_id":"VCID-jc41-ky5q-tkhv","summary":"Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies\nInsufficiently Protected Credentials vulnerability in Apache Solr.\n\nThis issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0.\nOne of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had \"password\" contained in the name.\nThere are a number of sensitive system properties, such as \"basicauth\" and \"aws.secretKey\" do not contain \"password\", thus their values were published via the \"/admin/info/properties\" endpoint.\nThis endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the 
UI.\n\nThis /admin/info/properties endpoint is protected under the \"config-read\" permission.\nTherefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the \"config-read\" permission.\nUsers are recommended to upgrade to version 9.3.0 or 8.11.3, both of which fix the issue.\nA single option now controls hiding Java system property for all endpoints, \"-Dsolr.hiddenSysProps\".\nBy default all known sensitive properties are hidden (including \"-Dbasicauth\"), as well as any property with a name containing \"secret\" or \"password\".\n\nUsers who cannot upgrade can also use the following Java system property to fix the issue:\n  `-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*`","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50291.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50291","reference_id":"","reference_type":"","scores":[{"value":"0.03074","scoring_system":"epss","scoring_elements":"0.86796","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03074","scoring_system":"epss","scoring_elements":"0.86789","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03074","scoring_system":"epss","scoring_elements":"0.86772","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03074","scoring_system":"epss","scoring_elements":"0.86776","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03074","scoring_system":"epss","scoring_elements":"0.86771","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03074","scoring_system":"epss","scoring_elements":"0.86756","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03074","scoring_system":"epss","scoring_elements":"0.86763","published_at":"2026-04-12T12:55:00Z"},{"
value":"0.03074","scoring_system":"epss","scoring_elements":"0.86766","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03074","scoring_system":"epss","scoring_elements":"0.86753","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03074","scoring_system":"epss","scoring_elements":"0.86743","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03074","scoring_system":"epss","scoring_elements":"0.86724","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03074","scoring_system":"epss","scoring_elements":"0.86725","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03074","scoring_system":"epss","scoring_elements":"0.86706","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50291"},{"reference_url":"https://github.com/apache/solr","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/solr"},{"reference_url":"https://github.com/apache/solr/commit/659021c7d50164a3166887f24875228431b02102","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/solr/commit/659021c7d50164a3166887f24875228431b02102"},{"reference_url":"https://github.com/apache/solr/commit/98c198810f2cd934d23d0d80aadb570a2bbb3b8e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""
}],"url":"https://github.com/apache/solr/commit/98c198810f2cd934d23d0d80aadb570a2bbb3b8e"},{"reference_url":"https://issues.apache.org/jira/browse/SOLR-16809","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/SOLR-16809"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50291","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50291"},{"reference_url":"https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:48Z/"}],"url":"https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/09/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/09/4"},{"reference_url":"https:/
/bugzilla.redhat.com/show_bug.cgi?id=2263577","reference_id":"2263577","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263577"},{"reference_url":"https://github.com/advisories/GHSA-3hwc-rqwp-v36q","reference_id":"GHSA-3hwc-rqwp-v36q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3hwc-rqwp-v36q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049529?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24"}],"aliases":["CVE-2023-50291","GHSA-3hwc-rqwp-v36q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc41-ky5q-tkhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4800?format=json","vulnerability_id":"VCID-ke61-vddr-4udk","summary":"When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. 
Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1447","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1448","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1449","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1450","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1451","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/
AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1451"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3163.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3163.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3163","reference_id":"","reference_type":"","scores":[{"value":"0.11857","scoring_system":"epss","scoring_elements":"0.93756","published_at":"2026-04-29T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94897","published_at":"2026-04-18T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94878","published_at":"2026-04-09T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94882","published_at":"2026-04-11T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94885","published_at":"2026-04-12T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94887","published_at":"2026-04-13T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94894","published_at":"2026-04-16T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94902","published_at":"2026-04-26T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.949","published_at":"2026-04-21T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.9485","published_at":"2026-04-01T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.9486","published_at":"2026-04-02T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94863","published_at":"2026-04-04T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elem
ents":"0.94865","published_at":"2026-04-07T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94874","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163"},{"reference_url":"https://github.com/advisories/GHSA-387v-84cv-9qmc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-387v-84cv-9qmc"},{"reference_url":"https://github.com/apache/lucene-solr/commit/3a4f885b18bc963a8326c752bd229497908f1db","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/3a4f885b18bc963a8326c752bd229497908f1db"},{"reference_url":"https://github.com/apache/lucene-solr/commit/6f598d24692a89da9b5b671be6cf4b947aa39266","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/6f598d24692a89da9b5b671be6cf4b947aa39266"},{"reference_url":"https://github.com/apache/lucene-solr/commit/7088137d52256354a52ed86547b9faa0e704293","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/7088137d52256354a52ed86547b9faa0e704293"},{"reference_url":"https://github.com/apache/lucene-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucen
e-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4d"},{"reference_url":"https://issues.apache.org/jira/browse/SOLR-10031","reference_id":"","reference_type":"","scores":[],"url":"https://issues.apache.org/jira/browse/SOLR-10031"},{"reference_url":"https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://www.debian.org/security/2018/dsa-4124","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4124"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1454783","reference_id":"1454783","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1454783"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867712","reference_id":"867712","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867712"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3163","reference_id":"CVE-2017-3163","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3163"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037117?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-1
0%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-h9gm-dpgv-2yeh"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-ke61-vddr-4udk"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-rys3-pnnk-a7e4"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-10%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1049528?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-20%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-20%252Bdeb10u2"}],"aliases":["CVE-2017-3163","GHSA-387v-84cv-9qmc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ke61-vddr-4udk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15212?format=json","vulnerability_id":"VCID-qkt3-eevh-ekcr","summary":"Apache Solr Schema Designer blindly \"trusts\" all configsets\nIncorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr.\n\nThis issue affects Apache Solr from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0.\n\nThe Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets.\nHowever, 
when the feature was created, the \"trust\" (authentication) of these configSets was not considered.\nExternal library loading is only available to configSets that are \"trusted\" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution.\nSince the Schema Designer loaded configSets without taking their \"trust\" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer.\n\nUsers are recommended to upgrade to version 9.3.0 or 8.11.3, both of which fix the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50292.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50292.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50292","reference_id":"","reference_type":"","scores":[{"value":"0.40116","scoring_system":"epss","scoring_elements":"0.97335","published_at":"2026-04-12T12:55:00Z"},{"value":"0.40116","scoring_system":"epss","scoring_elements":"0.97325","published_at":"2026-04-07T12:55:00Z"},{"value":"0.40116","scoring_system":"epss","scoring_elements":"0.97331","published_at":"2026-04-08T12:55:00Z"},{"value":"0.40116","scoring_system":"epss","scoring_elements":"0.97332","published_at":"2026-04-09T12:55:00Z"},{"value":"0.40116","scoring_system":"epss","scoring_elements":"0.97334","published_at":"2026-04-11T12:55:00Z"},{"value":"0.40116","scoring_system":"epss","scoring_elements":"0.97352","published_at":"2026-04-29T12:55:00Z"},{"value":"0.40116","scoring_system":"epss","scoring_elements":"0.97349","published_at":"2026-04-26T12:55:00Z"},{"value":"0.40116","scoring_system":"epss","scoring_elements":"0.97348","published_at":"2026-04-24T12:55:00Z"},{"value":"0.40116","scoring_system":"epss","
scoring_elements":"0.97347","published_at":"2026-04-18T12:55:00Z"},{"value":"0.40116","scoring_system":"epss","scoring_elements":"0.9732","published_at":"2026-04-02T12:55:00Z"},{"value":"0.40116","scoring_system":"epss","scoring_elements":"0.97344","published_at":"2026-04-16T12:55:00Z"},{"value":"0.40116","scoring_system":"epss","scoring_elements":"0.97336","published_at":"2026-04-13T12:55:00Z"},{"value":"0.40116","scoring_system":"epss","scoring_elements":"0.97324","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50292"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50292","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50292"},{"reference_url":"https://github.com/apache/lucene-solr/commit/6e9ed203b30958396bdfd41760d426b386646865","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/6e9ed203b30958396bdfd41760d426b386646865"},{"reference_url":"https://github.com/apache/solr/commit/d07751cfaa8065bea8bd43f59e758e50d50c2419","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/solr/commit/d07751cfaa8065bea8bd43f59e758e50d50c2419"},{"reference_url":"https://issues.apache.org/jira/browse/SOLR-16777","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/SOLR-16777"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50292","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50292"},{"reference_url":"https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookee
per-credentials-via-streaming-expressions","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:33Z/"}],"url":"https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/09/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/09/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263579","reference_id":"2263579","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263579"},{"reference_url":"https://github.com/advisories/GHSA-4wxw-42wx-2wfx","reference_id":"GHSA-4wxw-42wx-2wfx","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4wxw-42wx-2wfx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049529?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24"}],"aliases":["CVE-2023-50292","GHSA-4wxw-42wx-2wfx"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkt3-eevh-ekcr"},{"url":"http://
public2.vulnerablecode.io/api/vulnerabilities/4902?format=json","vulnerability_id":"VCID-rys3-pnnk-a7e4","summary":"Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.","references":[{"reference_url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E"},{"reference_url":"http://openwall.com/lists/oss-security/2017/10/13/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2017/10/13/1"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3123","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_e
lements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3124","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3244","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3451","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3452","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0002"},{"
reference_url":"https://access.redhat.com/errata/RHSA-2018:0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0004","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0005","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0005"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12629.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12629.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12629","reference_id":"","reference_type":"","scores":[{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99877","published_at":"2026-04-29T12:55:00Z"},{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99876","published_at":"2026-04-26T12:55:00Z"},{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99875","published_at":"2026-04-24T12:55:00Z"},{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99874","published_at":"2026-04-12T12:55:00Z"},{"value":"0.93891","s
coring_system":"epss","scoring_elements":"0.99873","published_at":"2026-04-08T12:55:00Z"},{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99872","published_at":"2026-04-02T12:55:00Z"},{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99871","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163"},{"reference_url":"https://github.com/advisories/GHSA-mh7g-99w9-xpjm","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mh7g-99w9-xpjm"},{"reference_url":"https://github.com/apache/lucene","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene"},{"reference_url":"https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2"},{"reference_url":
"https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc"},{"reference_url":"https://github.com/apache/lucene-solr/commit/d28baa3fc5566b47f1ca7cc2ba1aba658dc634a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/d28baa3fc5566b47f1ca7cc2ba1aba658dc634a"},{"reference_url":"https://github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1"},{"reference_url":"https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268"},{"reference_url":"https://github.com/AsyncHttpClient/async-http-client/issues/1455","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AsyncHttpClient/async-http-client/issues/1455"},{"reference_url":"https://issues.apache.org/jira/browse/SOLR-11477","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/SOLR-11477"},{"reference_url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e96
2c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f%40%3Coak-issues.jackrabbit.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f%40%3Coak-issues.jackrabbit.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","sc
oring_elements":""}],"url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html"},{"reference_url":"https://s.apache.org/FJDl","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}]
,"url":"https://s.apache.org/FJDl"},{"reference_url":"https://twitter.com/ApacheSolr/status/918731485611401216","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://twitter.com/ApacheSolr/status/918731485611401216"},{"reference_url":"https://twitter.com/joshbressers/status/919258716297420802","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://twitter.com/joshbressers/status/919258716297420802"},{"reference_url":"https://twitter.com/searchtools_avi/status/918904813613543424","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://twitter.com/searchtools_avi/status/918904813613543424"},{"reference_url":"https://usn.ubuntu.com/4259-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4259-1"},{"reference_url":"https://www.debian.org/security/2018/dsa-4124","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4124"},{"reference_url":"https://www.exploit-db.com/exploits/43009","reference_id":"","reference_type":"","scores":[{"value":"9.8","scorin
g_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/43009"},{"reference_url":"https://www.exploit-db.com/exploits/43009/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/43009/"},{"reference_url":"http://www.securityfocus.com/bid/101261","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/101261"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1501529","reference_id":"1501529","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1501529"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:
*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_li
nux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/xml/webapps/43009.txt","reference_id":"CVE-2017-12629","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/xml/webapps/43009.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12629","reference_id":"CVE-2017-12629","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12629"},{"reference_url":"http://www.cvedetails.com/cve/CVE-2017-12629/","reference_id":"CVE-2017-12629","reference_type":"","scores":[],"url":"http://www.cvedetails.com/cve/CVE-2017-12629/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2561","reference_id":"RHSA-2020:2561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1334","reference_id":"RHSA-2023:1334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1334"},{"reference_url":"https://usn.ubuntu.com/4259-1/","reference_i
d":"USN-4259-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4259-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037117?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-10%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-h9gm-dpgv-2yeh"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-ke61-vddr-4udk"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-rys3-pnnk-a7e4"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-10%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1049528?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-20%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-20%252Bdeb10u2"}],"aliases":["CVE-2017-12629","GHSA-mh7g-99w9-xpjm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rys3-pnnk-a7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15590?format=json","vulnerability_id":"VCID-t4p6-84y8-kbbu","summary":"Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds\nExposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. 
This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.\n\nSolr Streaming Expressions allow users to extract data from other Solr Clouds, using a \"zkHost\" parameter.\n\nWhen the original SolrCloud is set up to use ZooKeeper credentials and ACLs, they will be sent to whatever \"zkHost\" the user provides.\n\nAn attacker could set up a server to mock ZooKeeper that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in \"zkHost\".\n\nStreaming Expressions are exposed via the \"/streaming\" handler, with \"read\" permissions.\n\nUsers are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.\n\nFrom these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50298.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50298.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50298","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13526","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13624","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13571","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13778","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements
":"0.13646","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13847","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13791","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13653","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13641","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13568","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1366","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1371","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13747","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50298"},{"reference_url":"https://github.com/apache/lucene-solr/commit/61c956c426b2cfb85ccef55d1afca4335eacd269","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/61c956c426b2cfb85ccef55d1afca4335eacd269"},{"reference_url":"https://github.com/apache/solr","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scori
ng_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/solr"},{"reference_url":"https://github.com/apache/solr/commit/e2bf1f434aad873fbb24c21d46ac00e888806d98","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/solr/commit/e2bf1f434aad873fbb24c21d46ac00e888806d98"},{"reference_url":"https://issues.apache.org/jira/browse/SOLR-17098","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/SOLR-17098"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50298","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50298"},{"reference_url":"https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.
1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-19T16:14:53Z/"}],"url":"https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/09/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-19T16:14:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/09/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/09/3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-19T16:14:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/09/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263583","reference_id":"2263583","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263583"},{"reference_url":"http
s://github.com/advisories/GHSA-xrj7-x7gp-wwqr","reference_id":"GHSA-xrj7-x7gp-wwqr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrj7-x7gp-wwqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049529?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24"}],"aliases":["CVE-2023-50298","GHSA-xrj7-x7gp-wwqr"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t4p6-84y8-kbbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50723?format=json","vulnerability_id":"VCID-tt7h-4geu-5bc9","summary":"XML External Entity (XXE) Injection in Apache Solr\nIn Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's \"dataConfig\" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. 
Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property \"enable.dih.dataConfigParam\" to true.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0193.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0193.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0193","reference_id":"","reference_type":"","scores":[{"value":"0.93076","scoring_system":"epss","scoring_elements":"0.99789","published_at":"2026-04-01T12:55:00Z"},{"value":"0.93076","scoring_system":"epss","scoring_elements":"0.99791","published_at":"2026-04-11T12:55:00Z"},{"value":"0.93076","scoring_system":"epss","scoring_elements":"0.9979","published_at":"2026-04-07T12:55:00Z"},{"value":"0.93438","scoring_system":"epss","scoring_elements":"0.99821","published_at":"2026-04-21T12:55:00Z"},{"value":"0.93438","scoring_system":"epss","scoring_elements":"0.99819","published_at":"2026-04-18T12:55:00Z"},{"value":"0.93438","scoring_system":"epss","scoring_elements":"0.99824","published_at":"2026-04-29T12:55:00Z"},{"value":"0.93438","scoring_system":"epss","scoring_elements":"0.99823","published_at":"2026-04-26T12:55:00Z"},{"value":"0.93438","scoring_system":"epss","scoring_elements":"0.99822","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0193"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0193","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0193"},{"reference_url":"https://github.com/apache/lucene-solr","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring
_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr"},{"reference_url":"https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f7","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f7"},{"reference_url":"https://issues.apache.org/jira/browse/SOLR-13669","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://issues.apache.org/jira/browse/SOLR-13669"},{"reference_url":"https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c%40%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scor
ing_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c%40%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74@%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74@%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74%40%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74%40%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03@%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"g
eneric_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03@%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03%40%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03%40%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83@%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83@%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83%40%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/
E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83%40%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee@%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee@%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee%40%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee%40%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists
.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc%40%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc%40%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab@%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab@%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab%40%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab%40%3Cissues.lucene.apache.org%3E"},{"reference_url"
:"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d@%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d@%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d%40%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","sc
oring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d%40%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1",
"scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66%40%3Cdev.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66%40%3Cdev.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generi
c_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51%40%3Cdev.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51%40%3Cdev.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6@%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44
e2b106efd2deb19504b85e012175540f6@%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6%40%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6%40%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/r3da74965aba2b
5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699@%3Cissues.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699@%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699%40%3Cissues.lucene.apache.org%3E","re
ference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699%40%3Cissues.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@
%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00013.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR
:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:04:18Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00025.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0193","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0193"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESOLR-536063","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESOLR-536063"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0193","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0193"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1736774","reference_id":"1736774","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1736774"},{"reference_url":"https://github.com/advisories/GHSA-3gm7-v7vw-866c","reference_id":"GHSA-3gm7-v7vw-866c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/adv
isories/GHSA-3gm7-v7vw-866c"},{"reference_url":"https://usn.ubuntu.com/7283-1/","reference_id":"USN-7283-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7283-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049529?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24"}],"aliases":["CVE-2019-0193","GHSA-3gm7-v7vw-866c"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tt7h-4geu-5bc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25841?format=json","vulnerability_id":"VCID-v5ka-6bd4-33ft","summary":"Apache Solr vulnerable to Execution with Unnecessary Privileges\nCore creation allows users to replace \"trusted\" configset files with arbitrary configuration\n\nSolr instances that (1) use the \"FileSystemConfigSetService\" component (the default in \"standalone\" or \"user-managed\" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual \"trusted\" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem.  These replacement config files are treated as \"trusted\" and can use \"<lib>\" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin.\n\nThis issue affects all Apache Solr versions up through Solr 9.7.  Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from \"FileSystemConfigSetService\").  
Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of \"<lib>\" tags by default.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24814.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24814.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24814","reference_id":"","reference_type":"","scores":[{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73714","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73609","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73653","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73618","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73582","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73586","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.7368","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73671","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73627","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.74094","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.7406","p
ublished_at":"2026-04-21T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.74102","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24814"},{"reference_url":"https://github.com/apache/solr","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/solr"},{"reference_url":"https://github.com/apache/solr/commit/f492e24881c5724a1b1baecfc9549e2cb0257525","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/solr/commit/f492e24881c5724a1b1baecfc9549e2cb0257525"},{"reference_url":"https://issues.apache.org/jira/browse/SOLR-16781","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/SOLR-16781"},{"reference_url":"https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual
","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T14:10:58Z/"}],"url":"https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24814","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24814"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250214-0002","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250214-0002"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/01/26/1","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/01/26/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2342221","reference_id":"2342221","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2342221"},{"reference_url":"https://github.com/advisories/GHSA-68r2-fwcg-qpm8","reference_id":"GHSA-68r2-fwcg-qpm8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-68r2-fwcg-qpm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049529?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-24","is_vulnerabl
e":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-24"}],"aliases":["CVE-2025-24814","GHSA-68r2-fwcg-qpm8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v5ka-6bd4-33ft"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4755?format=json","vulnerability_id":"VCID-h9gm-dpgv-2yeh","summary":"This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1308.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1308.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1308","reference_id":"","reference_type":"","scores":[{"value":"0.0434","scoring_system":"epss","scoring_elements":"0.88965","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90477","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90512","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90513","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.905","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90501","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05778","scoring_system":
"epss","scoring_elements":"0.90484","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.9049","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90483","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90443","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90447","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90459","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05778","scoring_system":"epss","scoring_elements":"0.90465","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1308"},{"reference_url":"https://github.com/advisories/GHSA-3pph-2595-cgfh","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3pph-2595-cgfh"},{"reference_url":"https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f"},{"reference_url":"https://github.com/apache/lucene-solr/commit/3530397f1777332872eac2760f9aa0e2ae1d7450","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","sco
ring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/3530397f1777332872eac2760f9aa0e2ae1d7450"},{"reference_url":"https://github.com/apache/lucene-solr/commit/739a7933","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/739a7933"},{"reference_url":"https://github.com/apache/lucene-solr/commit/739a79338856599084617d44b6a1b424af059aa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/739a79338856599084617d44b6a1b424af059aa"},{"reference_url":"https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee6"},{"reference_url":"https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee63","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/dd3be31f7062dcb2f3b2d7f0e89df29e197dee63"},{"reference_url":"https://issues.apache.org/jira/browse/SOLR-11971","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/SOLR-11971"},{"reference_url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"
cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00025.html"},{"reference_url":"https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mail-archives.apache.org/mod_mbox/www-announce/201804.mbox/%3C000001d3cf68%245ac69af0%241053d0d0%24%40apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1308","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1308"},{"reference_url":"https://www.debian.org/security/2018/dsa-4194","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4194"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1564959","reference_id":"1564959","re
ference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1564959"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896604","reference_id":"896604","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896604"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036056?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-5%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-h9gm-dpgv-2yeh"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-ke61-vddr-4udk"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-rys3-pnnk-a7e4"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-5%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1037117?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-10%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-h9gm-dpgv-2yeh"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-ke61-vddr-4udk"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-rys3-pnnk-a7e4"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-10%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1049528?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-20%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability"
:"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-20%252Bdeb10u2"}],"aliases":["CVE-2018-1308","GHSA-3pph-2595-cgfh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9gm-dpgv-2yeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4800?format=json","vulnerability_id":"VCID-ke61-vddr-4udk","summary":"When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. 
Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1447","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1448","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1449","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1450","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1451","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/
AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1451"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3163.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3163.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3163","reference_id":"","reference_type":"","scores":[{"value":"0.11857","scoring_system":"epss","scoring_elements":"0.93756","published_at":"2026-04-29T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94897","published_at":"2026-04-18T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94878","published_at":"2026-04-09T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94882","published_at":"2026-04-11T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94885","published_at":"2026-04-12T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94887","published_at":"2026-04-13T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94894","published_at":"2026-04-16T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94902","published_at":"2026-04-26T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.949","published_at":"2026-04-21T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.9485","published_at":"2026-04-01T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.9486","published_at":"2026-04-02T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94863","published_at":"2026-04-04T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elem
ents":"0.94865","published_at":"2026-04-07T12:55:00Z"},{"value":"0.16448","scoring_system":"epss","scoring_elements":"0.94874","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163"},{"reference_url":"https://github.com/advisories/GHSA-387v-84cv-9qmc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-387v-84cv-9qmc"},{"reference_url":"https://github.com/apache/lucene-solr/commit/3a4f885b18bc963a8326c752bd229497908f1db","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/3a4f885b18bc963a8326c752bd229497908f1db"},{"reference_url":"https://github.com/apache/lucene-solr/commit/6f598d24692a89da9b5b671be6cf4b947aa39266","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/6f598d24692a89da9b5b671be6cf4b947aa39266"},{"reference_url":"https://github.com/apache/lucene-solr/commit/7088137d52256354a52ed86547b9faa0e704293","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/7088137d52256354a52ed86547b9faa0e704293"},{"reference_url":"https://github.com/apache/lucene-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucen
e-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4d"},{"reference_url":"https://issues.apache.org/jira/browse/SOLR-10031","reference_id":"","reference_type":"","scores":[],"url":"https://issues.apache.org/jira/browse/SOLR-10031"},{"reference_url":"https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://www.debian.org/security/2018/dsa-4124","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4124"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1454783","reference_id":"1454783","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1454783"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867712","reference_id":"867712","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867712"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3163","reference_id":"CVE-2017-3163","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3163"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036056?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-5
%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-h9gm-dpgv-2yeh"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-ke61-vddr-4udk"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-rys3-pnnk-a7e4"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-5%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1037117?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-10%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-h9gm-dpgv-2yeh"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-ke61-vddr-4udk"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-rys3-pnnk-a7e4"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-10%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1049528?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-20%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-20%252Bdeb10u2"}],"aliases
":["CVE-2017-3163","GHSA-387v-84cv-9qmc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ke61-vddr-4udk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4902?format=json","vulnerability_id":"VCID-rys3-pnnk-a7e4","summary":"Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of 
Solr.","references":[{"reference_url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E"},{"reference_url":"http://openwall.com/lists/oss-security/2017/10/13/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2017/10/13/1"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3123","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3124","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3244","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.r
edhat.com/errata/RHSA-2017:3244"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3451","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3452","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0004","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0005","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","sc
oring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0005"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12629.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12629.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12629","reference_id":"","reference_type":"","scores":[{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99877","published_at":"2026-04-29T12:55:00Z"},{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99876","published_at":"2026-04-26T12:55:00Z"},{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99875","published_at":"2026-04-24T12:55:00Z"},{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99874","published_at":"2026-04-12T12:55:00Z"},{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99873","published_at":"2026-04-08T12:55:00Z"},{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99872","published_at":"2026-04-02T12:55:00Z"},{"value":"0.93891","scoring_system":"epss","scoring_elements":"0.99871","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163"},{"reference_url":"https://github.com/advisories/GHSA-mh7g-99w9-xpjm","reference_id":"","reference_type"
:"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mh7g-99w9-xpjm"},{"reference_url":"https://github.com/apache/lucene","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene"},{"reference_url":"https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/3bba91131b5257e64b9d0a2193e1e32a145b2a2"},{"reference_url":"https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc"},{"reference_url":"https://github.com/apache/lucene-solr/commit/d28baa3fc5566b47f1ca7cc2ba1aba658dc634a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/lucene-solr/commit/d28baa3fc5566b47f1ca7cc2ba1aba658dc634a"},{"reference_url":"https://github.com/apache/lucene-solr/commit/d8000beebfb13ba0b6e754f84c760e11592d8d1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/d8000beeb
fb13ba0b6e754f84c760e11592d8d1"},{"reference_url":"https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/lucene-solr/commit/f9fd6e9e26224f26f1542224ce187e04c27b268"},{"reference_url":"https://github.com/AsyncHttpClient/async-http-client/issues/1455","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/AsyncHttpClient/async-http-client/issues/1455"},{"reference_url":"https://issues.apache.org/jira/browse/SOLR-11477","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/SOLR-11477"},{"reference_url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-is
sues.jackrabbit.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f@%3Coak-issues.jackrabbit.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f%40%3Coak-issues.jackrabbit.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r26c996b068ef6c5e89aa59acb769025cfd343a08e63fbe9e7f3f720f%40%3Coak-issues.jackrabbit.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.
apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/01/msg00028.html"},{"reference_url":"https://s.apache.org/FJDl","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://s.apache.org/FJDl"},{"reference_url":"https://twitter.com/ApacheSolr/status/918731485611401216","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://twitter.com/ApacheSolr/status/918731485611401216"},{"reference_url":"https://twitter.com/joshbressers/status/919258716297420802","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://twitter.com/joshbressers/status/919258716297420802"},{"reference_url":"https://twitter.com/searchtools_avi/status/918904813613543424","r
eference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://twitter.com/searchtools_avi/status/918904813613543424"},{"reference_url":"https://usn.ubuntu.com/4259-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4259-1"},{"reference_url":"https://www.debian.org/security/2018/dsa-4124","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4124"},{"reference_url":"https://www.exploit-db.com/exploits/43009","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/43009"},{"reference_url":"https://www.exploit-db.com/exploits/43009/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/43009/"},{"reference_url":"http://www.securityfocus.com/bid/101261","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/101261"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1501529","reference_id":"1501529","reference_type":"","scores":[],"url":"https://bugzilla.re
dhat.com/show_bug.cgi?id=1501529"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"h
ttps://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/xml/webapps/43009.txt","reference_id":"CVE-2017-12629","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/e
xploits/xml/webapps/43009.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12629","reference_id":"CVE-2017-12629","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12629"},{"reference_url":"http://www.cvedetails.com/cve/CVE-2017-12629/","reference_id":"CVE-2017-12629","reference_type":"","scores":[],"url":"http://www.cvedetails.com/cve/CVE-2017-12629/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2561","reference_id":"RHSA-2020:2561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1334","reference_id":"RHSA-2023:1334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1334"},{"reference_url":"https://usn.ubuntu.com/4259-1/","reference_id":"USN-4259-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4259-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036056?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-5%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-h9gm-dpgv-2yeh"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-ke61-vddr-4udk"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-rys3-pnnk-a7e4"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-5%252Bdeb8u2"},{"url":"http://public2.vulnerab
lecode.io/api/packages/1037117?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-10%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-h9gm-dpgv-2yeh"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-ke61-vddr-4udk"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-rys3-pnnk-a7e4"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-10%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1049528?format=json","purl":"pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-20%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4dgs-1mk2-5ubr"},{"vulnerability":"VCID-ftx3-494m-hbee"},{"vulnerability":"VCID-hpys-9ncu-3bgv"},{"vulnerability":"VCID-jc41-ky5q-tkhv"},{"vulnerability":"VCID-qkt3-eevh-ekcr"},{"vulnerability":"VCID-t4p6-84y8-kbbu"},{"vulnerability":"VCID-tt7h-4geu-5bc9"},{"vulnerability":"VCID-v5ka-6bd4-33ft"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-20%252Bdeb10u2"}],"aliases":["CVE-2017-12629","GHSA-mh7g-99w9-xpjm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rys3-pnnk-a7e4"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lucene-solr@3.6.2%252Bdfsg-5%252Bdeb8u2"}