VYPR
High severityNVD Advisory· Published Apr 13, 2021· Updated Aug 3, 2024

SSRF vulnerability with the Replication handler

CVE-2021-27905

Description

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.solr:solr-parentMaven
< 8.8.28.8.2

Affected products

3

Patches

Vulnerability mechanics

References

25

News mentions

0

No linked articles in our index yet.