Lucene search
+L

32 matches found

osv
osv
added 2024/02/09 6:15 p.m.14 views

UBUNTU-CVE-2023-50386

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...

8.8CVSS6.8AI score0.8384EPSS
Exploits4References4
vulnrichment
vulnrichment
added 2024/02/09 5:29 p.m.10 views

CVE-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...

7.8AI score0.0305EPSS
Exploits0References2
cvelist
cvelist
added 2024/02/09 5:29 p.m.51 views

CVE-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...

8AI score0.0305EPSS
Exploits0References2
osv
osv
added 2024/02/09 5:29 p.m.46 views

CVE-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users

Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...

7.5CVSS7.1AI score0.0305EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/02/09 5:28 p.m.30 views

CVE-2023-50386 Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...

8.2AI score0.8384EPSS
Exploits4References2
cvelist
cvelist
added 2024/02/09 5:28 p.m.49 views

CVE-2023-50386 Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...

9.1AI score0.8384EPSS
Exploits4References2
ptsecurity
ptsecurity
added 2024/02/09 12:0 a.m.5 views

PT-2024-1943 · Apache · Apache Solr

Name of the Vulnerable Software and Affected Versions: Apache Solr versions 6.0.0 through 8.11.2 Apache Solr versions 9.0.0 through 9.4.0 Description: The issue is related to improper control of dynamically-managed code resources, unrestricted upload of files with dangerous types, and inclusion o...

9CVSS7.5AI score0.8384EPSS
Exploits4References36
osv
osv
added 2019/12/30 5:15 p.m.1 views

DEBIAN-CVE-2019-17558

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...

7.5CVSS8.3AI score0.98567EPSS
Exploits12References1
osv
osv
added 2019/12/30 5:15 p.m.6 views

UBUNTU-CVE-2019-17558

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...

7.5CVSS7.2AI score0.98567EPSS
Exploits12References6
github
github
added 2018/10/17 7:55 p.m.32 views

XML external entity expansion in org.apache.solr:solr-core

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

5.5CVSS5.2AI score0.09025EPSS
Exploits1References9Affected Software1
osv
osv
added 2018/10/17 7:55 p.m.2 views

GHSA-7PX3-6F6G-HXCJ XML external entity expansion in org.apache.solr:solr-core

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

5.5CVSS6.4AI score0.09025EPSS
Exploits1References9
prion
prion
added 2018/07/05 2:29 p.m.12 views

Xxe

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

2.1CVSS5.3AI score0.09025EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder