Search for packages
Package details: pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-5
purl pkg:deb/debian/lucene-solr@3.6.2%2Bdfsg-5
Next non-vulnerable version 3.6.2+dfsg-24
Latest non-vulnerable version 3.6.2+dfsg-24
Risk 10.0
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-83s4-swg3-aaar
Aliases:
CVE-2023-50386
GHSA-37vr-vmg4-jwpw
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
3.6.2+dfsg-24
Affected by 0 other vulnerabilities.
VCID-cwan-4pbv-aaab
Aliases:
CVE-2020-13941
GHSA-2467-h365-j7hm
Improper Input Validation in Apache Solr
3.6.2+dfsg-24
Affected by 0 other vulnerabilities.
VCID-ewma-bdd5-aaaa
Aliases:
CVE-2018-1308
GHSA-3pph-2595-cgfh
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
3.6.2+dfsg-5+deb8u2
Affected by 11 other vulnerabilities.
3.6.2+dfsg-10+deb9u2
Affected by 11 other vulnerabilities.
3.6.2+dfsg-20+deb10u2
Affected by 8 other vulnerabilities.
VCID-fkew-f1ez-aaaq
Aliases:
CVE-2023-50291
GHSA-3hwc-rqwp-v36q
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
3.6.2+dfsg-24
Affected by 0 other vulnerabilities.
VCID-k73v-pu17-aaaj
Aliases:
CVE-2017-3163
GHSA-387v-84cv-9qmc
Moderate severity vulnerability that affects org.apache.solr:solr-core
3.6.2+dfsg-5+deb8u2
Affected by 11 other vulnerabilities.
3.6.2+dfsg-10+deb9u2
Affected by 11 other vulnerabilities.
3.6.2+dfsg-20+deb10u2
Affected by 8 other vulnerabilities.
VCID-pk1z-x6n7-aaaa
Aliases:
CVE-2023-50292
GHSA-4wxw-42wx-2wfx
Apache Solr Schema Designer blindly "trusts" all configsets
3.6.2+dfsg-24
Affected by 0 other vulnerabilities.
VCID-serq-s7kt-aaac
Aliases:
CVE-2019-0193
GHSA-3gm7-v7vw-866c
XML External Entity (XXE) Injection in Apache Solr
3.6.2+dfsg-20+deb10u2
Affected by 8 other vulnerabilities.
3.6.2+dfsg-24
Affected by 0 other vulnerabilities.
VCID-vj8s-sv5u-aaaf
Aliases:
CVE-2023-50298
GHSA-xrj7-x7gp-wwqr
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
3.6.2+dfsg-24
Affected by 0 other vulnerabilities.
VCID-vjex-gw45-aaae
Aliases:
CVE-2021-27905
GHSA-5phw-3jrp-3vj8
Server-Side Request Forgery in Apache Solr
3.6.2+dfsg-24
Affected by 0 other vulnerabilities.
VCID-x6bt-nsqt-gfg2
Aliases:
CVE-2025-24814
GHSA-68r2-fwcg-qpm8
solr: org.apache.solr: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files
3.6.2+dfsg-24
Affected by 0 other vulnerabilities.
VCID-y2ff-qfxj-aaar
Aliases:
CVE-2017-12629
GHSA-mh7g-99w9-xpjm
Remote code execution occurs in Apache Solr
3.6.2+dfsg-5+deb8u2
Affected by 11 other vulnerabilities.
3.6.2+dfsg-10+deb9u2
Affected by 11 other vulnerabilities.
3.6.2+dfsg-20+deb10u2
Affected by 8 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-3ymg-2hcn-aaak XML eXternal Entity (XXE) flaw in DocumentAnalysisRequestHandler The DocumentAnalysisRequestHandler in this package does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407. CVE-2013-6408
GHSA-45w3-2hvv-pfxq
VCID-dta3-8xp3-aaap The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407. CVE-2012-6612
GHSA-6cpj-3g83-q2j4
VCID-jt53-7yhp-aaab XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler This package allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. CVE-2013-6407
GHSA-998j-j6v9-5846
VCID-snxv-kdyk-aaap Directory traversal when loading XSL stylesheets and Velocity templates Directory traversal vulnerability in SolrResourceLoader in this package allows remote attackers to read arbitrary files via a `..` (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. CVE-2013-6397
GHSA-j8qw-mwmv-28cg

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:14:03.590851+00:00 Debian Oval Importer Affected by VCID-vjex-gw45-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T19:04:47.181338+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:58:25.428093+00:00 Debian Oval Importer Affected by VCID-serq-s7kt-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T16:45:49.608048+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:30:21.032891+00:00 Debian Oval Importer Affected by VCID-serq-s7kt-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:17:00.603176+00:00 Debian Oval Importer Fixing VCID-jt53-7yhp-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:30:18.080932+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:44:03.513285+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:10:48.337817+00:00 Debian Oval Importer Fixing VCID-snxv-kdyk-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:54:32.199536+00:00 Debian Oval Importer Fixing VCID-3ymg-2hcn-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:32:09.155997+00:00 Debian Oval Importer Fixing VCID-dta3-8xp3-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T10:34:14.861196+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:18:58.163004+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T10:18:53.287289+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T09:44:45.358579+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T09:41:17.500906+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T09:29:33.746365+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T06:02:59.223598+00:00 Debian Oval Importer Affected by VCID-cwan-4pbv-aaab None 36.1.3
2025-06-21T02:56:28.103946+00:00 Debian Oval Importer Affected by VCID-vjex-gw45-aaae None 36.1.3
2025-06-21T01:13:46.409374+00:00 Debian Oval Importer Fixing VCID-dta3-8xp3-aaap None 36.1.3
2025-06-21T01:09:44.663301+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar None 36.1.3
2025-06-21T00:13:29.943662+00:00 Debian Oval Importer Fixing VCID-jt53-7yhp-aaab None 36.1.3
2025-06-20T23:26:35.175280+00:00 Debian Oval Importer Affected by VCID-serq-s7kt-aaac None 36.1.3
2025-06-20T22:55:46.684893+00:00 Debian Oval Importer Fixing VCID-3ymg-2hcn-aaak None 36.1.3
2025-06-20T19:52:01.156011+00:00 Debian Oval Importer Fixing VCID-snxv-kdyk-aaap None 36.1.3
2025-06-20T19:48:16.795473+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa None 36.1.3
2025-06-20T19:36:20.922907+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj None 36.1.3
2025-06-08T13:04:31.895955+00:00 Debian Oval Importer Fixing VCID-dta3-8xp3-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:44:31.603878+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:42:51.900551+00:00 Debian Oval Importer Affected by VCID-vjex-gw45-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:33:57.617314+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:27:48.380397+00:00 Debian Oval Importer Affected by VCID-serq-s7kt-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T09:31:04.136959+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:24:53.681559+00:00 Debian Oval Importer Affected by VCID-serq-s7kt-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:10:51.747862+00:00 Debian Oval Importer Fixing VCID-jt53-7yhp-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:23:18.675831+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:38:13.296204+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:05:34.357019+00:00 Debian Oval Importer Fixing VCID-snxv-kdyk-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:49:32.725495+00:00 Debian Oval Importer Fixing VCID-3ymg-2hcn-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:51:54.796287+00:00 Debian Oval Importer Fixing VCID-dta3-8xp3-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:16:29.100821+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:06:32.058270+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T04:06:27.239127+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-08T03:33:26.861804+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:29:58.635213+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:17:51.329290+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-07T23:41:43.988308+00:00 Debian Oval Importer Affected by VCID-cwan-4pbv-aaab None 36.1.0
2025-06-07T20:24:12.079988+00:00 Debian Oval Importer Affected by VCID-vjex-gw45-aaae None 36.1.0
2025-06-07T18:36:25.780380+00:00 Debian Oval Importer Fixing VCID-dta3-8xp3-aaap None 36.1.0
2025-06-07T18:32:23.810917+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar None 36.1.0
2025-06-07T17:36:20.124474+00:00 Debian Oval Importer Fixing VCID-jt53-7yhp-aaab None 36.1.0
2025-06-07T16:49:30.188498+00:00 Debian Oval Importer Affected by VCID-serq-s7kt-aaac None 36.1.0
2025-06-07T16:19:02.882110+00:00 Debian Oval Importer Fixing VCID-3ymg-2hcn-aaak None 36.1.0
2025-06-07T13:43:27.869762+00:00 Debian Oval Importer Fixing VCID-snxv-kdyk-aaap None 36.1.0
2025-06-07T13:40:23.629816+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa None 36.1.0
2025-06-07T13:31:32.015020+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj None 36.1.0
2025-04-13T02:51:17.150357+00:00 Debian Oval Importer Affected by VCID-x6bt-nsqt-gfg2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:59:20.727797+00:00 Debian Oval Importer Affected by VCID-83s4-swg3-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:59:17.338727+00:00 Debian Oval Importer Affected by VCID-vj8s-sv5u-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:59:16.639988+00:00 Debian Oval Importer Affected by VCID-fkew-f1ez-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:59:15.914999+00:00 Debian Oval Importer Affected by VCID-pk1z-x6n7-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:30:55.746043+00:00 Debian Oval Importer Fixing VCID-3ymg-2hcn-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:06:37.145188+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:39:19.829273+00:00 Debian Oval Importer Fixing VCID-snxv-kdyk-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:22:41.032594+00:00 Debian Oval Importer Fixing VCID-jt53-7yhp-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:45:10.176820+00:00 Debian Oval Importer Affected by VCID-cwan-4pbv-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:52:01.811373+00:00 Debian Oval Importer Fixing VCID-dta3-8xp3-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:31:24.000549+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:27:40.222305+00:00 Debian Oval Importer Affected by VCID-vjex-gw45-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:18:23.746102+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:11:59.912719+00:00 Debian Oval Importer Affected by VCID-serq-s7kt-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T08:03:29.211908+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:56:15.797537+00:00 Debian Oval Importer Affected by VCID-serq-s7kt-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:42:49.638053+00:00 Debian Oval Importer Fixing VCID-jt53-7yhp-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:55:56.992759+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:10:40.144681+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:37:36.899159+00:00 Debian Oval Importer Fixing VCID-snxv-kdyk-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:21:18.591846+00:00 Debian Oval Importer Fixing VCID-3ymg-2hcn-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:23:05.880202+00:00 Debian Oval Importer Fixing VCID-dta3-8xp3-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T02:45:48.641331+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:35:04.859786+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:34:59.773772+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-08T02:00:57.602901+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T01:57:27.620666+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T01:45:18.538187+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-07T22:13:47.333544+00:00 Debian Oval Importer Affected by VCID-cwan-4pbv-aaab None 36.0.0
2025-04-07T18:59:17.072820+00:00 Debian Oval Importer Affected by VCID-vjex-gw45-aaae None 36.0.0
2025-04-07T17:14:11.912326+00:00 Debian Oval Importer Fixing VCID-dta3-8xp3-aaap None 36.0.0
2025-04-07T17:10:04.222077+00:00 Debian Oval Importer Affected by VCID-y2ff-qfxj-aaar None 36.0.0
2025-04-07T16:11:02.912622+00:00 Debian Oval Importer Fixing VCID-jt53-7yhp-aaab None 36.0.0
2025-04-07T15:22:13.582525+00:00 Debian Oval Importer Affected by VCID-serq-s7kt-aaac None 36.0.0
2025-04-07T14:50:41.877495+00:00 Debian Oval Importer Fixing VCID-3ymg-2hcn-aaak None 36.0.0
2025-04-07T12:18:44.751474+00:00 Debian Oval Importer Fixing VCID-snxv-kdyk-aaap None 36.0.0
2025-04-07T12:15:44.334963+00:00 Debian Oval Importer Affected by VCID-ewma-bdd5-aaaa None 36.0.0
2025-04-07T12:06:57.564440+00:00 Debian Oval Importer Affected by VCID-k73v-pu17-aaaj None 36.0.0
2024-11-29T12:57:40.039819+00:00 Debian Oval Importer Fixing VCID-dta3-8xp3-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-14T19:52:33.420442+00:00 Debian Oval Importer Fixing VCID-dta3-8xp3-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T11:58:17.229374+00:00 Debian Oval Importer Fixing VCID-dta3-8xp3-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1