Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2023-50386

🗓️ 09 Feb 2024 17:28:51Reported by apacheType 
cve
 cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 399 Views🌐 WEB

CVE-2023-50386 Apache Solr 6.0.0-8.11.2, 9.0.0-9.4.1 allows unrestricted upload of dangerous file types, enabling execution of untrusted code

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
0day.today		Apache Solr Backup/Restore API Remote Code Execution Exploit
24 Apr 202400:00
zdt
IBM Security Bulletins		Security Bulletin: Vulnerabilities in Apache Solr affect watsonx.data
7 Feb 202510:34
ibm
IBM Security Bulletins		Security Bulletin: Multiple Apache Solr Vulerabilities Affect IBM OpenPages
19 Aug 202418:49
ibm
IBM Security Bulletins		Security Bulletin: IBM Operational Decision Manager for March 2024 - Multiple CVEs addressed
9 Apr 202416:32
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in Apache Solr (lucene) affects IBM Operations Analytics - Log Analysis (CVE-2023-50386, CVE-2023-50298, CVE-2023-50292, CVE-2023-50291)
14 Apr 202508:13
ibm
GithubExploit		Exploit for Improper Control of Dynamically-Managed Code Resources in Apache Solr
29 Feb 202408:57
githubexploit
BDU FSTEC		The vulnerability of the application software interface for backup/restore services provided by the Apache Solr search server allows a hacker to execute arbitrary code within the system.
5 Mar 202400:00
bdu_fstec
Chainguard		CVE-2023-50386 vulnerabilities
9 Feb 202418:15
cgr
Circl		CVE-2023-50386
9 Feb 202419:26
circl
CNNVD		Apache Solr Code Issue Vulnerability
9 Feb 202400:00
cnnvd
Rows per page
NVD
Vulners
Vulnrichment
Node
apachesolrRange6.0.08.11.3
OR
apachesolrRange9.0.09.4.1
[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Solr",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "8.11.2",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "9.4.1",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "semver"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
actionquery paramsolr/admin/configsConfigSet upload API to push a malicious config (ZIP) containing crafted Java classes.CWE-913CWE-434
namequery paramsolr/admin/configsConfigSet upload API to push a malicious config (ZIP) containing crafted Java classes.CWE-913CWE-434
actionquery paramsolr/admin/collectionsBackup operation that stores configuration/classes to a location which may be loaded by the ClassLoader.CWE-913CWE-434
collectionquery paramsolr/admin/collectionsBackup operation that stores configuration/classes to a location which may be loaded by the ClassLoader.CWE-913CWE-434
locationquery paramsolr/admin/collectionsBackup operation that stores configuration/classes to a location which may be loaded by the ClassLoader.CWE-913CWE-434
namequery paramsolr/admin/collectionsBackup operation that stores configuration/classes to a location which may be loaded by the ClassLoader.CWE-913CWE-434
actionquery paramsolr/admin/collectionsCreate a collection using a specific configName that can reference uploaded payloads.CWE-913CWE-434
namequery paramsolr/admin/collectionsCreate a collection using a specific configName that can reference uploaded payloads.CWE-913CWE-434
collection.configNamequery paramsolr/admin/collectionsCreate a collection using a specific configName that can reference uploaded payloads.CWE-913CWE-434
wtquery paramsolr/admin/collectionsCreate a collection using a specific configName that can reference uploaded payloads.CWE-913CWE-434
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 06:39Current
8.2High risk
Vulners AI Score8.2
CVSS 3.18.8
EPSS0.8384
SSVC
CWE-913CWE-434
cve202350386apache solrvulnerabilitysecurityfile uploadcode executionbackupauthorizationupgradenvd
399