GHSA-5PHW-3JRP-3VJ8 Server-Side Request Forgery in Apache Solr

The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...

Server side request forgery (ssrf)

The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...

CVE-2021-27905

CVE-2021-27905 (Solr SSRF) affects Apache Solr versions prior to 8.8.2 where the ReplicationHandler’s masterUrl/leaderUrl parameter can be abused to trigger SSRF. The flaw arises because masterUrl is not sufficiently validated against allowed hosts/schemes, enabling an attacker to cause the serve...

CVE-2021-27905

The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...

CVE-2021-27905 SSRF vulnerability with the Replication handler

The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...