High severityCISA KEVNVD Advisory· Published Aug 1, 2019· Updated Oct 21, 2025

CVE-2019-0193

Description

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.solr:solr-coreMaven	< 8.2.0	8.2.0

Affected products

Apache/Apache Solrv5
Range: Apache Solr all prior to 8.2.0

Patches

02c693f3713a

https://github.com/apache/lucene-solrvia ghsa

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-3gm7-v7vw-866cghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-0193ghsaADVISORY
github.com/apache/lucene-solr/commit/02c693f3713add1b4891cbaa87127de3a55c10f7ghsaWEB
issues.apache.org/jira/browse/SOLR-13669ghsax_refsource_CONFIRMWEB
lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c%40%3Cissues.lucene.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3EghsaWEB
lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74%40%3Cissues.lucene.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74@%3Cissues.lucene.apache.org%3EghsaWEB
lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03%40%3Cissues.lucene.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03@%3Cissues.lucene.apache.org%3EghsaWEB
lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83%40%3Cissues.lucene.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83@%3Cissues.lucene.apache.org%3EghsaWEB
lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee%40%3Cissues.lucene.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee@%3Cissues.lucene.apache.org%3EghsaWEB
lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc%40%3Cissues.lucene.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3EghsaWEB
lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab%40%3Cissues.lucene.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab@%3Cissues.lucene.apache.org%3EghsaWEB
lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3EghsaWEB
lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d%40%3Cissues.lucene.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d@%3Cissues.lucene.apache.org%3EghsaWEB
lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc@%3Cusers.solr.apache.org%3EghsaWEB
lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66%40%3Cdev.lucene.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3EghsaWEB
lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3EghsaWEB
lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51%40%3Cdev.lucene.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3EghsaWEB
lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6%40%3Cissues.lucene.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6@%3Cissues.lucene.apache.org%3EghsaWEB
lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314@%3Cusers.solr.apache.org%3EghsaWEB
lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef@%3Cusers.solr.apache.org%3EghsaWEB
lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699%40%3Cissues.lucene.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699@%3Cissues.lucene.apache.org%3EghsaWEB
lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3EghsaWEB
lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3Eghsamailing-listx_refsource_MLISTWEB
lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3EghsaWEB
lists.debian.org/debian-lts-announce/2019/10/msg00013.htmlghsamailing-listx_refsource_MLISTWEB
lists.debian.org/debian-lts-announce/2020/08/msg00025.htmlghsamailing-listx_refsource_MLISTWEB
snyk.io/vuln/SNYK-JAVA-ORGAPACHESOLR-536063ghsaWEB
www.cisa.gov/known-exploited-vulnerabilities-catalogghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.074
exploit	0.000
kev	0.120
patch	-0.070
ransomware	0.000