VulnerableCode Package Details - pkg:maven/org.apache.solr/solr-core@9.4.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-mgtc-1e6f-3bhg Aliases: CVE-2024-52012 GHSA-4p5m-gvpf-f3x5	Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.	9.8.0 Affected by 0 other vulnerabilities.
VCID-x6bt-nsqt-gfg2 Aliases: CVE-2025-24814 GHSA-68r2-fwcg-qpm8	solr: org.apache.solr: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files	9.8.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-mgtc-1e6f-3bhg
Aliases:
CVE-2024-52012
GHSA-4p5m-gvpf-f3x5

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.

9.8.0
Affected by 0 other vulnerabilities.

VCID-x6bt-nsqt-gfg2
Aliases:
CVE-2025-24814
GHSA-68r2-fwcg-qpm8

solr: org.apache.solr: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files

9.8.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-83s4-swg3-aaar	Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets	CVE-2023-50386 GHSA-37vr-vmg4-jwpw
VCID-vj8s-sv5u-aaaf	Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds	CVE-2023-50298 GHSA-xrj7-x7gp-wwqr

Vulnerability

Summary

Aliases

VCID-83s4-swg3-aaar

Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets

CVE-2023-50386
GHSA-37vr-vmg4-jwpw

VCID-vj8s-sv5u-aaaf

Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds

CVE-2023-50298
GHSA-xrj7-x7gp-wwqr

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:15:28.758733+00:00	GitLab Importer	Affected by	VCID-x6bt-nsqt-gfg2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2025-24814.yml	36.1.3
2025-06-20T17:15:28.336476+00:00	GitLab Importer	Affected by	VCID-mgtc-1e6f-3bhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2024-52012.yml	36.1.3
2025-06-20T16:52:43.086055+00:00	GitLab Importer	Fixing	VCID-vj8s-sv5u-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50298.yml	36.1.3
2025-06-20T16:52:42.683467+00:00	GitLab Importer	Fixing	VCID-83s4-swg3-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50386.yml	36.1.3
2025-06-03T23:50:50.477039+00:00	GitLab Importer	Affected by	VCID-x6bt-nsqt-gfg2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2025-24814.yml	36.1.0
2025-06-03T23:50:50.115003+00:00	GitLab Importer	Affected by	VCID-mgtc-1e6f-3bhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2024-52012.yml	36.1.0
2025-06-03T23:29:58.824286+00:00	GitLab Importer	Fixing	VCID-vj8s-sv5u-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50298.yml	36.1.0
2025-06-03T23:29:58.568104+00:00	GitLab Importer	Fixing	VCID-83s4-swg3-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50386.yml	36.1.0
2025-06-02T23:49:37.982322+00:00	GitLab Importer	Affected by	VCID-x6bt-nsqt-gfg2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2025-24814.yml	36.1.2
2025-06-02T23:49:37.561213+00:00	GitLab Importer	Affected by	VCID-mgtc-1e6f-3bhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2024-52012.yml	36.1.2
2025-06-02T23:27:43.094715+00:00	GitLab Importer	Fixing	VCID-vj8s-sv5u-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50298.yml	36.1.2
2025-06-02T23:27:42.833544+00:00	GitLab Importer	Fixing	VCID-83s4-swg3-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50386.yml	36.1.2
2025-04-04T11:32:40.561732+00:00	GithubOSV Importer	Fixing	VCID-83s4-swg3-aaar	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-37vr-vmg4-jwpw/GHSA-37vr-vmg4-jwpw.json	36.0.0
2025-04-03T22:39:51.453359+00:00	GitLab Importer	Affected by	VCID-x6bt-nsqt-gfg2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2025-24814.yml	36.0.0
2025-04-03T22:39:50.072079+00:00	GitLab Importer	Affected by	VCID-mgtc-1e6f-3bhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2024-52012.yml	36.0.0
2025-04-03T21:54:56.753529+00:00	GitLab Importer	Fixing	VCID-vj8s-sv5u-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50298.yml	36.0.0
2025-03-29T10:49:47.768304+00:00	GHSA Importer	Fixing	VCID-83s4-swg3-aaar	https://github.com/advisories/GHSA-37vr-vmg4-jwpw	36.0.0
2025-03-28T16:49:12.255931+00:00	GitLab Importer	Fixing	VCID-83s4-swg3-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50386.yml	36.0.0
2025-02-18T03:42:00.803918+00:00	GitLab Importer	Fixing	VCID-83s4-swg3-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50386.yml	35.1.0
2025-02-18T01:06:03.928819+00:00	GitLab Importer	Fixing	VCID-vj8s-sv5u-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50298.yml	35.1.0
2024-11-21T00:59:53.617929+00:00	GitLab Importer	Fixing	VCID-83s4-swg3-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50386.yml	35.0.0
2024-11-20T23:31:01.020777+00:00	GitLab Importer	Fixing	VCID-vj8s-sv5u-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50298.yml	35.0.0
2024-11-19T00:48:31.517059+00:00	GitLab Importer	Fixing	VCID-83s4-swg3-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50386.yml	34.3.2
2024-11-18T23:19:53.340738+00:00	GitLab Importer	Fixing	VCID-vj8s-sv5u-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50298.yml	34.3.2
2024-10-15T19:18:02.527965+00:00	GithubOSV Importer	Fixing	VCID-83s4-swg3-aaar	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-37vr-vmg4-jwpw/GHSA-37vr-vmg4-jwpw.json	34.0.2
2024-10-08T01:20:26.204765+00:00	GitLab Importer	Fixing	VCID-83s4-swg3-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50386.yml	34.0.2
2024-10-08T00:17:17.483229+00:00	GitLab Importer	Fixing	VCID-vj8s-sv5u-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50298.yml	34.0.2
2024-10-07T21:49:09.429920+00:00	GHSA Importer	Fixing	VCID-83s4-swg3-aaar	https://github.com/advisories/GHSA-37vr-vmg4-jwpw	34.0.2
2024-09-18T09:18:58.332702+00:00	GithubOSV Importer	Fixing	VCID-83s4-swg3-aaar	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-37vr-vmg4-jwpw/GHSA-37vr-vmg4-jwpw.json	34.0.1
2024-09-17T22:40:27.607404+00:00	GitLab Importer	Fixing	VCID-83s4-swg3-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50386.yml	34.0.1
2024-09-17T22:40:25.998063+00:00	GitLab Importer	Fixing	VCID-vj8s-sv5u-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50298.yml	34.0.1
2024-09-17T22:01:08.576731+00:00	GHSA Importer	Fixing	VCID-83s4-swg3-aaar	https://github.com/advisories/GHSA-37vr-vmg4-jwpw	34.0.1
2024-05-17T21:00:59.032950+00:00	GHSA Importer	Fixing	VCID-83s4-swg3-aaar	https://github.com/advisories/GHSA-37vr-vmg4-jwpw	34.0.0rc4
2024-04-23T23:13:03.758365+00:00	GithubOSV Importer	Fixing	VCID-83s4-swg3-aaar	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-37vr-vmg4-jwpw/GHSA-37vr-vmg4-jwpw.json	34.0.0rc4
2024-04-23T17:43:22.564201+00:00	GitLab Importer	Fixing	VCID-83s4-swg3-aaar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50386.yml	34.0.0rc4
2024-04-23T17:43:22.323689+00:00	GitLab Importer	Fixing	VCID-vj8s-sv5u-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2023-50298.yml	34.0.0rc4
2024-02-09T23:49:06.979767+00:00	GHSA Importer	Fixing	VCID-83s4-swg3-aaar	https://github.com/advisories/GHSA-37vr-vmg4-jwpw	34.0.0rc2