Maven package
org.apache.solr/solr
pkg:maven/org.apache.solr/solr
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45217 | — | | | >= 6.6.0, < 8.11.4 | 8.11.4 | Oct 16, 2024 | Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the |
| CVE-2024-45216 | — | | | >= 5.3.0, < 8.11.4 | 8.11.4 | Oct 16, 2024 | Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests t |
| CVE-2015-8796 | Med | 6.1 | | < 5.3 | 5.3 | Feb 15, 2016 | Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. |
| CVE-2014-3628 | — | | | >= 4.0.0, < 4.10.3 | 4.10.3 | Jan 6, 2015 | Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object. |