Lucene search

K
osvGoogleOSV:CVE-2017-3164
HistoryMar 08, 2019 - 9:29 p.m.

CVE-2017-3164

2019-03-0821:29:00
Google
osv.dev
3

EPSS

0.127

Percentile

95.5%

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the β€œshards” parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

References