purl | pkg:maven/org.apache.solr/solr-core@5.5.5 |

Vulnerability | Summary | Fixed by |
---|---|---|
VCID-6jkd-b9sn-aaak (Aliases: CVE-2017-9803, GHSA-f553-j2gv-g5r9) | Privilege escalation. Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using a `SecurityAwareZkACLProvider` type of ACL provider, e.g. `SaslZkACLProvider`). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. | Affected by 20 other vulnerabilities. |
VCID-9p2g-hkq3-aaan (Aliases: CVE-2021-44548, GHSA-pccr-q7v9-5f27) | Improper Input Validation and Path Traversal in Apache Solr | Affected by 6 other vulnerabilities. |
VCID-cwan-4pbv-aaab (Aliases: CVE-2020-13941, GHSA-2467-h365-j7hm) | Improper Input Validation in Apache Solr | Affected by 11 other vulnerabilities. |
VCID-ewma-bdd5-aaaa (Aliases: CVE-2018-1308, GHSA-3pph-2595-cgfh) | There is an XML external entity expansion (XXE) vulnerability in Apache Solr | Affected by 18 other vulnerabilities. Affected by 18 other vulnerabilities. Affected by 17 other vulnerabilities. |
VCID-g4qe-zn5z-aaaf (Aliases: CVE-2018-11802, GHSA-j346-h5wc-rw2m) | Incorrect Authorization in Apache Solr | Affected by 13 other vulnerabilities. |
VCID-pg64-q2mr-aaam (Aliases: CVE-2019-17558, GHSA-ww97-9w65-2crx) | Improper Input Validation in Apache Solr | Affected by 12 other vulnerabilities. Affected by 11 other vulnerabilities. |
VCID-serq-s7kt-aaac (Aliases: CVE-2019-0193, GHSA-3gm7-v7vw-866c) | XML External Entity (XXE) Injection in Apache Solr | Affected by 13 other vulnerabilities. |
VCID-vjex-gw45-aaae (Aliases: CVE-2021-27905, GHSA-5phw-3jrp-3vj8) | Server-Side Request Forgery in Apache Solr | Affected by 6 other vulnerabilities. |
VCID-wgyv-8paq-aaaf (Aliases: CVE-2019-0192, GHSA-xhcq-fv7x-grr2) | Critical severity vulnerability that affects org.apache.solr:solr-core | Affected by 15 other vulnerabilities. Affected by 19 other vulnerabilities. |
VCID-x36d-pdgz-aaag (Aliases: CVE-2021-29262, GHSA-jgcr-fg3g-qvw8) | Improper permission handling in Apache Solr | Affected by 6 other vulnerabilities. |
VCID-x6bt-nsqt-gfg2 (Aliases: CVE-2025-24814, GHSA-68r2-fwcg-qpm8) | solr: org.apache.solr: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files | Affected by 0 other vulnerabilities. |
VCID-x7h2-x9cc-aaan (Aliases: CVE-2021-29943, GHSA-vf7p-j8x6-xvwp) | Incorrect Authorization in Apache Solr | Affected by 6 other vulnerabilities. |
VCID-yd1p-sfe9-aaam (Aliases: CVE-2017-3164, GHSA-vrh8-27q8-fr8f) | Low severity vulnerability that affects org.apache.solr:solr-core | Affected by 13 other vulnerabilities. |

Vulnerability | Summary | Aliases |
---|---|---|
VCID-2bhr-9hej-aaas | Security Vulnerability in secure inter-node communication. This package uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in the cluster into believing that the malicious node is a member of the cluster. If Solr users have enabled the BasicAuth authentication mechanism using the BasicAuthPlugin, or have implemented a custom Authentication plugin that does not implement either `HttpClientInterceptorPlugin` or `HttpClientBuilderPlugin`, their servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected. | CVE-2017-7660, GHSA-c82r-qg3w-q5mv |
VCID-y2ff-qfxj-aaar | Remote code execution occurs in Apache Solr | CVE-2017-12629, GHSA-mh7g-99w9-xpjm |