Lucene search

8 matches found

CVE
added 2023/10/10 12:0 a.m. | 5272 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS. Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5 CVSS | 8 AI score | 0.99999 EPSS
In wild | Web
CVE
added 2019/08/01 1:48 p.m. | 1182 views

CVE-2019-0193

CVE-2019-0193 affects Apache Solr via the DataImportHandler (DIH) module. The vulnerability arises because DIH can read a request parameter dataConfig containing a DIH configuration, which can include scripts, enabling code injection. The issue is mitigated by requiring enabling the Java system p...

9 CVSS | 6.8 AI score | 0.83547 EPSS
In wild
CVE
added 2021/04/13 6:35 a.m. | 328 views

CVE-2021-27905

CVE-2021-27905 (Solr SSRF) affects Apache Solr versions prior to 8.8.2 where the ReplicationHandler’s masterUrl/leaderUrl parameter can be abused to trigger SSRF. The flaw arises because masterUrl is not sufficiently validated against allowed hosts/schemes, enabling an attacker to cause the serve...

9.8 CVSS | 9.1 AI score | 0.93053 EPSS
In wild | Web
CVE
added 2020/08/17 12:16 p.m. | 168 views

CVE-2020-13941

CVE-2020-13941 concerns Apache Solr’s replication handler. The vulnerability arises because the backup, restore, and deleteBackup HTTP API commands accept a location parameter that was not validated, enabling read/write access to any location the solr user can access. Multiple sources note this w...

8.8 CVSS | 8.6 AI score | 0.03805 EPSS
CVE
added 2021/04/13 6:35 a.m. | 162 views

CVE-2021-29943

CVE-2021-29943 affects Apache Solr: when using ConfigurableInternodeAuthHadoopPlugin for authentication, Solr versions prior to 8.8.2 forwarded distributed requests using server credentials instead of the original client credentials. This mis-credentialing leads to incorrect authorization resolut...

9.1 CVSS | 9.1 AI score | 0.05263 EPSS
CVE
added 2021/04/13 6:35 a.m. | 158 views

CVE-2021-29262

CVE-2021-29262 affects Apache Solr

7.5 CVSS | 7.4 AI score | 0.07805 EPSS
CVE
added 2021/12/23 8:55 a.m. | 135 views

CVE-2021-44548

The CVE-2021-44548 entry describes an information-disclosure vulnerability in Apache Solr’s DataImportHandler that allows a Windows UNC path to trigger SMB network calls from the Solr host. Affected: Solr versions prior to 8.11.1 on Windows. Impact (as stated): potential exfiltration of sensitive...

9.8 CVSS | 9.6 AI score | 0.05087 EPSS
CVE
added 2025/01/27 8:58 a.m. | 110 views

CVE-2025-24814

Summary of CVE-2025-24814 (Apache Solr): Solr instances using FileSystemConfigSetService (default in standalone or user-managed mode) and lacking authentication/authorization are vulnerable to privilege escalation where replacement of trusted configset files can be treated as trusted. This can al...

5.5 CVSS | 7.2 AI score | 0.01136 EPSS