VYPR
High severity7.5NVD Advisory· Published Apr 9, 2018· Updated Jun 17, 2026

CVE-2018-1308

CVE-2018-1308

Description

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.solr:solr-coreMaven
>= 1.2, < 6.6.36.6.3
org.apache.solr:solr-coreMaven
>= 7.0.0, < 7.3.07.3.0

Affected products

2

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.