VulnerableCode Package Details - pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-5%2Bdeb8u2

Search for packages

Package details: pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-5%2Bdeb8u2

Essentials
History (72)

purl	pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-5%2Bdeb8u2

Next non-vulnerable version	3.6.2+dfsg-24
Latest non-vulnerable version	3.6.2+dfsg-24
Risk	10.0

Vulnerabilities affecting this package (11)

Vulnerability	Summary	Fixed by
VCID-83s4-swg3-aaar Aliases: CVE-2023-50386 GHSA-37vr-vmg4-jwpw	Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets	3.6.2+dfsg-24 Affected by 0 other vulnerabilities.
VCID-cwan-4pbv-aaab Aliases: CVE-2020-13941 GHSA-2467-h365-j7hm	Improper Input Validation in Apache Solr	3.6.2+dfsg-24 Affected by 0 other vulnerabilities.
VCID-ewma-bdd5-aaaa Aliases: CVE-2018-1308 GHSA-3pph-2595-cgfh	There is a XML external entity expansion (XXE) vulnerability in Apache Solr	3.6.2+dfsg-10+deb9u2 Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.6.2+dfsg-20+deb10u2 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-fkew-f1ez-aaaq Aliases: CVE-2023-50291 GHSA-3hwc-rqwp-v36q	Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies	3.6.2+dfsg-24 Affected by 0 other vulnerabilities.
VCID-k73v-pu17-aaaj Aliases: CVE-2017-3163 GHSA-387v-84cv-9qmc	Moderate severity vulnerability that affects org.apache.solr:solr-core	3.6.2+dfsg-10+deb9u2 Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.6.2+dfsg-20+deb10u2 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-pk1z-x6n7-aaaa Aliases: CVE-2023-50292 GHSA-4wxw-42wx-2wfx	Apache Solr Schema Designer blindly "trusts" all configsets	3.6.2+dfsg-24 Affected by 0 other vulnerabilities.
VCID-serq-s7kt-aaac Aliases: CVE-2019-0193 GHSA-3gm7-v7vw-866c	XML External Entity (XXE) Injection in Apache Solr	3.6.2+dfsg-20+deb10u2 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.6.2+dfsg-24 Affected by 0 other vulnerabilities.
VCID-vj8s-sv5u-aaaf Aliases: CVE-2023-50298 GHSA-xrj7-x7gp-wwqr	Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds	3.6.2+dfsg-24 Affected by 0 other vulnerabilities.
VCID-vjex-gw45-aaae Aliases: CVE-2021-27905 GHSA-5phw-3jrp-3vj8	Server-Side Request Forgery in Apache Solr	3.6.2+dfsg-24 Affected by 0 other vulnerabilities.
VCID-x6bt-nsqt-gfg2 Aliases: CVE-2025-24814 GHSA-68r2-fwcg-qpm8	solr: org.apache.solr: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files	3.6.2+dfsg-24 Affected by 0 other vulnerabilities.
VCID-y2ff-qfxj-aaar Aliases: CVE-2017-12629 GHSA-mh7g-99w9-xpjm	Remote code execution occurs in Apache Solr	3.6.2+dfsg-10+deb9u2 Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.6.2+dfsg-20+deb10u2 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-ewma-bdd5-aaaa	There is a XML external entity expansion (XXE) vulnerability in Apache Solr	CVE-2018-1308 GHSA-3pph-2595-cgfh
VCID-k73v-pu17-aaaj	Moderate severity vulnerability that affects org.apache.solr:solr-core	CVE-2017-3163 GHSA-387v-84cv-9qmc
VCID-y2ff-qfxj-aaar	Remote code execution occurs in Apache Solr	CVE-2017-12629 GHSA-mh7g-99w9-xpjm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T19:14:03.592528+00:00	Debian Oval Importer	Affected by	VCID-vjex-gw45-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T19:04:47.183354+00:00	Debian Oval Importer	Affected by	VCID-k73v-pu17-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T18:58:25.430340+00:00	Debian Oval Importer	Affected by	VCID-serq-s7kt-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T16:45:49.610273+00:00	Debian Oval Importer	Affected by	VCID-y2ff-qfxj-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T15:30:21.034813+00:00	Debian Oval Importer	Affected by	VCID-serq-s7kt-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T14:30:18.083155+00:00	Debian Oval Importer	Affected by	VCID-k73v-pu17-aaaj	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:44:03.515870+00:00	Debian Oval Importer	Affected by	VCID-ewma-bdd5-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T10:34:14.862885+00:00	Debian Oval Importer	Affected by	VCID-ewma-bdd5-aaaa	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:18:58.164976+00:00	Debian Oval Importer	Affected by	VCID-y2ff-qfxj-aaar	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:18:53.289155+00:00	Debian Oval Importer	Affected by	VCID-k73v-pu17-aaaj	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T09:44:45.360975+00:00	Debian Oval Importer	Fixing	VCID-k73v-pu17-aaaj	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:41:17.502817+00:00	Debian Oval Importer	Fixing	VCID-y2ff-qfxj-aaar	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T09:29:33.749577+00:00	Debian Oval Importer	Fixing	VCID-ewma-bdd5-aaaa	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T06:02:59.225624+00:00	Debian Oval Importer	Affected by	VCID-cwan-4pbv-aaab	None	36.1.3
2025-06-21T02:56:28.105946+00:00	Debian Oval Importer	Affected by	VCID-vjex-gw45-aaae	None	36.1.3
2025-06-21T01:09:44.665188+00:00	Debian Oval Importer	Affected by	VCID-y2ff-qfxj-aaar	None	36.1.3
2025-06-20T23:26:35.177681+00:00	Debian Oval Importer	Affected by	VCID-serq-s7kt-aaac	None	36.1.3
2025-06-20T20:13:03.093510+00:00	Debian Oval Importer	Affected by	VCID-k73v-pu17-aaaj	None	36.1.3
2025-06-20T20:10:13.387390+00:00	Debian Oval Importer	Affected by	VCID-ewma-bdd5-aaaa	None	36.1.3
2025-06-20T19:48:16.797138+00:00	Debian Oval Importer	Fixing	VCID-ewma-bdd5-aaaa	None	36.1.3
2025-06-20T19:36:20.924691+00:00	Debian Oval Importer	Fixing	VCID-k73v-pu17-aaaj	None	36.1.3
2025-06-08T12:44:31.605746+00:00	Debian Oval Importer	Affected by	VCID-y2ff-qfxj-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T11:42:51.902343+00:00	Debian Oval Importer	Affected by	VCID-vjex-gw45-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T11:33:57.618870+00:00	Debian Oval Importer	Affected by	VCID-k73v-pu17-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T11:27:48.381930+00:00	Debian Oval Importer	Affected by	VCID-serq-s7kt-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T09:31:04.138553+00:00	Debian Oval Importer	Affected by	VCID-y2ff-qfxj-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T08:24:53.683401+00:00	Debian Oval Importer	Affected by	VCID-serq-s7kt-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T07:23:18.677634+00:00	Debian Oval Importer	Affected by	VCID-k73v-pu17-aaaj	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:38:13.298013+00:00	Debian Oval Importer	Affected by	VCID-ewma-bdd5-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T04:16:29.102389+00:00	Debian Oval Importer	Affected by	VCID-ewma-bdd5-aaaa	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:06:32.060080+00:00	Debian Oval Importer	Affected by	VCID-y2ff-qfxj-aaar	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T04:06:27.240674+00:00	Debian Oval Importer	Affected by	VCID-k73v-pu17-aaaj	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T03:33:26.863380+00:00	Debian Oval Importer	Fixing	VCID-k73v-pu17-aaaj	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:29:58.636764+00:00	Debian Oval Importer	Fixing	VCID-y2ff-qfxj-aaar	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-08T03:17:51.330934+00:00	Debian Oval Importer	Fixing	VCID-ewma-bdd5-aaaa	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-07T23:41:43.990428+00:00	Debian Oval Importer	Affected by	VCID-cwan-4pbv-aaab	None	36.1.0
2025-06-07T20:24:12.081908+00:00	Debian Oval Importer	Affected by	VCID-vjex-gw45-aaae	None	36.1.0
2025-06-07T18:32:23.812459+00:00	Debian Oval Importer	Affected by	VCID-y2ff-qfxj-aaar	None	36.1.0
2025-06-07T16:49:30.190350+00:00	Debian Oval Importer	Affected by	VCID-serq-s7kt-aaac	None	36.1.0
2025-06-07T13:54:29.898931+00:00	Debian Oval Importer	Affected by	VCID-k73v-pu17-aaaj	None	36.1.0
2025-06-07T13:53:41.502765+00:00	Debian Oval Importer	Affected by	VCID-ewma-bdd5-aaaa	None	36.1.0
2025-06-07T13:40:23.631732+00:00	Debian Oval Importer	Fixing	VCID-ewma-bdd5-aaaa	None	36.1.0
2025-06-07T13:31:32.016864+00:00	Debian Oval Importer	Fixing	VCID-k73v-pu17-aaaj	None	36.1.0
2025-04-13T02:51:17.155777+00:00	Debian Oval Importer	Affected by	VCID-x6bt-nsqt-gfg2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:59:20.733112+00:00	Debian Oval Importer	Affected by	VCID-83s4-swg3-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:59:17.344036+00:00	Debian Oval Importer	Affected by	VCID-vj8s-sv5u-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:59:16.645276+00:00	Debian Oval Importer	Affected by	VCID-fkew-f1ez-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:59:15.920718+00:00	Debian Oval Importer	Affected by	VCID-pk1z-x6n7-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:06:37.150084+00:00	Debian Oval Importer	Affected by	VCID-ewma-bdd5-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:45:10.181858+00:00	Debian Oval Importer	Affected by	VCID-cwan-4pbv-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:31:24.005522+00:00	Debian Oval Importer	Affected by	VCID-y2ff-qfxj-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:27:40.227501+00:00	Debian Oval Importer	Affected by	VCID-vjex-gw45-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:18:23.751147+00:00	Debian Oval Importer	Affected by	VCID-k73v-pu17-aaaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:11:59.917670+00:00	Debian Oval Importer	Affected by	VCID-serq-s7kt-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T08:03:29.216827+00:00	Debian Oval Importer	Affected by	VCID-y2ff-qfxj-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T06:56:15.803007+00:00	Debian Oval Importer	Affected by	VCID-serq-s7kt-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:55:56.996211+00:00	Debian Oval Importer	Affected by	VCID-k73v-pu17-aaaj	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:10:40.149821+00:00	Debian Oval Importer	Affected by	VCID-ewma-bdd5-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T02:45:48.646054+00:00	Debian Oval Importer	Affected by	VCID-ewma-bdd5-aaaa	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:35:04.864794+00:00	Debian Oval Importer	Affected by	VCID-y2ff-qfxj-aaar	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:34:59.778676+00:00	Debian Oval Importer	Affected by	VCID-k73v-pu17-aaaj	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:00:57.608085+00:00	Debian Oval Importer	Fixing	VCID-k73v-pu17-aaaj	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T01:57:27.626140+00:00	Debian Oval Importer	Fixing	VCID-y2ff-qfxj-aaar	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-08T01:45:18.543056+00:00	Debian Oval Importer	Fixing	VCID-ewma-bdd5-aaaa	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-07T22:13:47.339257+00:00	Debian Oval Importer	Affected by	VCID-cwan-4pbv-aaab	None	36.0.0
2025-04-07T18:59:17.078204+00:00	Debian Oval Importer	Affected by	VCID-vjex-gw45-aaae	None	36.0.0
2025-04-07T17:10:04.227365+00:00	Debian Oval Importer	Affected by	VCID-y2ff-qfxj-aaar	None	36.0.0
2025-04-07T15:22:13.587836+00:00	Debian Oval Importer	Affected by	VCID-serq-s7kt-aaac	None	36.0.0
2025-04-07T12:29:17.221923+00:00	Debian Oval Importer	Affected by	VCID-k73v-pu17-aaaj	None	36.0.0
2025-04-07T12:28:30.856139+00:00	Debian Oval Importer	Affected by	VCID-ewma-bdd5-aaaa	None	36.0.0
2025-04-07T12:15:44.340298+00:00	Debian Oval Importer	Fixing	VCID-ewma-bdd5-aaaa	None	36.0.0
2025-04-07T12:06:57.572160+00:00	Debian Oval Importer	Fixing	VCID-k73v-pu17-aaaj	None	36.0.0