The DataImportHandler (DIH), a popular and widely used module for pulling data from databases or other sources, has a vulnerable dataConfig parameter. This parameter is used to supply the DIH configuration; because that configuration can contain scripts, the parameter poses a remote code execution (RCE) risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java system property “enable.dih.dataConfigParam” to true.
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
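Because the finding rests on the version number alone, the following added example (not code from the scanner or from the Solr project) classifies a node from both its version and its JVM arguments. It assumes the input has the shape of Solr's system-info response (`lucene.solr-spec-version` and `jvm.jmx.commandLineArgs`); the function names, result labels and sample documents are constructed for illustration.

```python
import re

GATE_PROPERTY = "enable.dih.dataConfigParam"  # property name as given in the text above
GATED_SINCE = (8, 2, 0)                        # first release that requires the property

def parse_version(text):
    """Return (major, minor, patch) from strings such as '8.1.1' or '8.3.0-SNAPSHOT'."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not match:
        raise ValueError(f"unrecognised Solr version: {text!r}")
    return tuple(int(part or 0) for part in match.groups())

def gate_property_value(jvm_args):
    """Value of -Denable.dih.dataConfigParam in the JVM args, or None if absent.
    A repeated -D property is resolved to its last occurrence."""
    value, prefix = None, f"-D{GATE_PROPERTY}"
    for arg in jvm_args:
        if arg == prefix:
            value = ""
        elif arg.startswith(prefix + "="):
            value = arg[len(prefix) + 1:]
    return value

def assess(system_info):
    """Classify one node from its parsed system-info document (assumed shape)."""
    version = parse_version(system_info["lucene"]["solr-spec-version"])
    args = system_info.get("jvm", {}).get("jmx", {}).get("commandLineArgs", [])
    value = gate_property_value(args)
    if version < GATED_SINCE:
        return "ungated"        # before 8.2.0 the property is not required
    # Assumption: the gate counts as open only for the value "true", any case.
    if value is not None and value.lower() == "true":
        return "gate-opened"    # dataConfig was explicitly re-enabled
    return "gated"

# Constructed sample documents, trimmed to the two fields that are read.
SAMPLES = {
    "node-a": {"lucene": {"solr-spec-version": "8.1.1"}},
    "node-b": {"lucene": {"solr-spec-version": "8.2.0"},
               "jvm": {"jmx": {"commandLineArgs": ["-Xmx512m", f"-D{GATE_PROPERTY}=true"]}}},
    "node-c": {"lucene": {"solr-spec-version": "8.3.0-SNAPSHOT"},
               "jvm": {"jmx": {"commandLineArgs": ["-Xmx512m"]}}},
}

if __name__ == "__main__":
    for name, doc in SAMPLES.items():
        print(name, assess(doc))
```

The check does not establish whether a DataImportHandler is registered on any core, so an "ungated" or "gate-opened" result still needs the handler configuration reviewed.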