Search for packages
Package details: pkg:maven/org.apache.solr/solr-core@9.8.0
purl pkg:maven/org.apache.solr/solr-core@9.8.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-mgtc-1e6f-3bhg Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API.  Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.   This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue.  Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users. CVE-2024-52012
GHSA-4p5m-gvpf-f3x5
VCID-x6bt-nsqt-gfg2 solr: org.apache.solr: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files CVE-2025-24814
GHSA-68r2-fwcg-qpm8

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T17:15:28.766716+00:00 GitLab Importer Fixing VCID-x6bt-nsqt-gfg2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2025-24814.yml 36.1.3
2025-06-20T17:15:28.345756+00:00 GitLab Importer Fixing VCID-mgtc-1e6f-3bhg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2024-52012.yml 36.1.3
2025-06-03T23:50:50.484467+00:00 GitLab Importer Fixing VCID-x6bt-nsqt-gfg2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2025-24814.yml 36.1.0
2025-06-03T23:50:50.122382+00:00 GitLab Importer Fixing VCID-mgtc-1e6f-3bhg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2024-52012.yml 36.1.0
2025-06-02T23:49:37.991634+00:00 GitLab Importer Fixing VCID-x6bt-nsqt-gfg2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2025-24814.yml 36.1.2
2025-06-02T23:49:37.570486+00:00 GitLab Importer Fixing VCID-mgtc-1e6f-3bhg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2024-52012.yml 36.1.2
2025-04-04T11:32:08.687398+00:00 GithubOSV Importer Fixing VCID-mgtc-1e6f-3bhg https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-4p5m-gvpf-f3x5/GHSA-4p5m-gvpf-f3x5.json 36.0.0
2025-04-04T11:31:58.914566+00:00 GithubOSV Importer Fixing VCID-x6bt-nsqt-gfg2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-68r2-fwcg-qpm8/GHSA-68r2-fwcg-qpm8.json 36.0.0
2025-03-28T20:13:07.077968+00:00 GHSA Importer Fixing VCID-x6bt-nsqt-gfg2 https://github.com/advisories/GHSA-68r2-fwcg-qpm8 36.0.0
2025-03-28T20:12:44.218113+00:00 GHSA Importer Fixing VCID-mgtc-1e6f-3bhg https://github.com/advisories/GHSA-4p5m-gvpf-f3x5 36.0.0
2025-03-28T16:49:50.768029+00:00 GitLab Importer Fixing VCID-x6bt-nsqt-gfg2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2025-24814.yml 36.0.0
2025-03-28T16:49:28.566482+00:00 GitLab Importer Fixing VCID-mgtc-1e6f-3bhg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.solr/solr-core/CVE-2024-52012.yml 36.0.0