32 matches found
UBUNTU-CVE-2023-50386
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
CVE-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
CVE-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
CVE-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
CVE-2023-50386 Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
CVE-2023-50386 Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
PT-2024-1943 · Apache · Apache Solr
Name of the Vulnerable Software and Affected Versions: Apache Solr versions 6.0.0 through 8.11.2 Apache Solr versions 9.0.0 through 9.4.0 Description: The issue is related to improper control of dynamically-managed code resources, unrestricted upload of files with dangerous types, and inclusion o...
DEBIAN-CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
UBUNTU-CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
XML external entity expansion in org.apache.solr:solr-core
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...
GHSA-7PX3-6F6G-HXCJ XML external entity expansion in org.apache.solr:solr-core
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...
Xxe
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...