Goobi viewer - Core 访问控制错误漏洞

Goobi Viewer - Core is a digital data display and browsing web application framework developed by intranda GmbH. In versions 4.8.0 to 26.04.1 of Goobi Viewer - Core, there was an access control vulnerability. This vulnerability stemmed from REST endpoints accepting arbitrary Solr stream expressio...

PT-2026-40722

Name of the Vulnerable Software and Affected Versions Goobi viewer versions 4.8.0 through 26.04.0 Description The REST endpoint "POST /api/v1/index/stream" accepts arbitrary Solr streaming expressions from unauthenticated network clients and forwards them to the backend Solr server without...