Search for packages
| purl | pkg:maven/org.apache.solr/solr-core@8.8.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-83s4-swg3-aaar
Aliases: CVE-2023-50386 GHSA-37vr-vmg4-jwpw |
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-9p2g-hkq3-aaan
Aliases: CVE-2021-44548 GHSA-pccr-q7v9-5f27 |
Improper Input Validation and Path Traversal in Apache Solr |
Affected by 6 other vulnerabilities. |
|
VCID-ehev-gt43-aaag
Aliases: CVE-2021-28163 GHSA-j6qj-j888-vvgq |
Directory exposure in jetty |
Affected by 6 other vulnerabilities. |
|
VCID-fkew-f1ez-aaaq
Aliases: CVE-2023-50291 GHSA-3hwc-rqwp-v36q |
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies |
Affected by 2 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-mgtc-1e6f-3bhg
Aliases: CVE-2024-52012 GHSA-4p5m-gvpf-f3x5 |
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users. |
Affected by 0 other vulnerabilities. |
|
VCID-vj8s-sv5u-aaaf
Aliases: CVE-2023-50298 GHSA-xrj7-x7gp-wwqr |
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-vjex-gw45-aaae
Aliases: CVE-2021-27905 GHSA-5phw-3jrp-3vj8 |
Server-Side Request Forgery in Apache Solr |
Affected by 6 other vulnerabilities. |
|
VCID-x36d-pdgz-aaag
Aliases: CVE-2021-29262 GHSA-jgcr-fg3g-qvw8 |
Improper permission handling in Apache Solr |
Affected by 6 other vulnerabilities. |
|
VCID-x6bt-nsqt-gfg2
Aliases: CVE-2025-24814 GHSA-68r2-fwcg-qpm8 |
solr: org.apache.solr: Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files |
Affected by 0 other vulnerabilities. |
|
VCID-x7h2-x9cc-aaan
Aliases: CVE-2021-29943 GHSA-vf7p-j8x6-xvwp |
Incorrect Authorization in Apache Solr |
Affected by 6 other vulnerabilities. |
|
VCID-z6zz-u5hj-aaaf
Aliases: CVE-2020-27223 GHSA-m394-8rww-3jr7 |
DOS vulnerability for Quoted Quality CSV headers |
Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||