Lucene search

16 matches found

GithubExploit
added 2026/01/22 5:55 p.m. | 139 views

Exploit for CVE-2026-22444

CVE-2026-22444 Apache Solr UNC Path Validation Vulnerability...

CVSS 7.1 | AI score 5.7 | EPSS 0.00035
Exploits: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-0681

Malware in sbrugna...

CVSS 5.5 | AI score 5.4 | EPSS 0.01708
Exploits: 0 | References: 12

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-0539

Malware in sbrugna...

CVSS 5.5 | AI score 5.4 | EPSS 0.04341
Exploits: 1 | References: 12

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2018-0485

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.11857
Exploits: 0 | References: 10

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-3029

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.5 | EPSS 0.00568
Exploits: 0 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-3336

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.3 | EPSS 0.11391
Exploits: 0 | References: 13

EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2022-0662

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.05017
Exploits: 0 | References: 5

IBM Security Bulletins
added 2025/04/14 10:22 a.m. | 24 views

Security Bulletin: Vulnerability in Apache Solr (lucene), Apache ZooKeeper and Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-9823, CVE-2024-47554)

Summary There is a potential denial of service with Apache Commons IO, Eclipse Jetty that affect Apache Solr lucene, Apache ZooKeeper and Logstash used by IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: There exists a security vulnerability in Jetty'...

CVSS 7.5 | AI score 6.8 | EPSS 0.0068
Exploits: 0 | Affected Software: 1

Ubuntu
added 2025/02/21 12:13 a.m. | 8 views

USN-7283-1: Apache Solr vulnerability

It was discovered that the Apache Solr DataImportHandler module incorrectly handled certain request parameters in a default configuration. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 9 | AI score 8.2 | EPSS 0.93056
Exploits: 3

OSV
added 2025/01/27 9:30 a.m. | 9 views

GHSA-4P5M-GVPF-F3X5 Apache Solr Relative Path Traversal vulnerability

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

CVSS 8.7 | AI score 6 | EPSS 0.13709
Exploits: 0 | References: 6

Github Security Blog
added 2025/01/27 9:30 a.m. | 18 views

Apache Solr Relative Path Traversal vulnerability

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

CVSS 5.4 | AI score 7 | EPSS 0.13709
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2024/10/16 8:15 a.m. | 2 views

CVE-2024-45217

Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...

CVSS 8.1 | AI score 8 | EPSS 0.00146
Exploits: 0 | References: 2

OSV
added 2024/02/09 6:15 p.m. | 0 views

UBUNTU-CVE-2023-50292

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...

CVSS 7.5 | AI score 7 | EPSS 0.46454
Exploits: 0 | References: 4

Vulnrichment
added 2024/02/09 5:29 p.m. | 8 views

CVE-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...

AI score 7.8 | EPSS 0.46454
Exploits: 0 | References: 2

Tenable Nessus
added 2020/01/22 12:0 a.m. | 24 views

Apache Solr 1.3.0 <= 7.6.0 Server Side Request Forgery

Server Side Request Forgery in Apache Solr, versions 1.3.0 until 7.6.0 inclusive. A remote, unauthenticated attacker can use the 'shards' parameter to make a HTTP GET request to any reachable web server; as this does not use any applicable whitelist or URL validation. Note that the scanner has no...

CVSS 7.5 | AI score 7.9 | EPSS 0.5954
Exploits: 0 | References: 2

Prion
added 2018/04/09 1:29 p.m. | 14 views

Xxe

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion XXE in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...

CVSS 5 | AI score 7.2 | EPSS 0.0434
Exploits: 0 | References: 5 | Affected Software: 2