Veracode Vulnerability Database: VERACODE:20731
History: Jul 08, 2019 - 2:26 p.m.

Cross-site Request Forgery (CSRF)

2019-07-08 14:26:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com

EPSS: 0.122 (Low), Percentile: 95.4%

Apache Solr is vulnerable to cross-site request forgery (CSRF). A remote attacker with access to the server could perform HTTP GET requests to any reachable URL on behalf of the user. This is because the shards parameter has no corresponding whitelist mechanism, so the server cannot verify the validity of the requests.

CPE / Name | Operator | Version
apache solr (module: core) | le | 7.6.0
