Maven package
org.apache.solr/solr-core
pkg:maven/org.apache.solr/solr-core
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22022 | — | >= 5.3.0, < 9.10.1 | 9.10.1 | Jan 21, 2026 | Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the fol | ||
| CVE-2026-22444 | — | >= 8.6.0, < 9.10.1 | 9.10.1 | Jan 21, 2026 | The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting https://https: | ||
| CVE-2025-24814 | — | < 9.8.0 | 9.8.0 | Jan 27, 2025 | Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization | ||
| CVE-2024-52012 | — | >= 6.6, < 9.8.0 | 9.8.0 | Jan 27, 2025 | Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use r | ||
| CVE-2023-50291 | — | >= 6.0.0, < 8.11.3 | 8.11.3 | Feb 9, 2024 | Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide | ||
| CVE-2023-50292 | — | >= 9.0.0, < 9.3.0 | 9.3.0 | Feb 9, 2024 | Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to | ||
| CVE-2023-50386 | — | >= 6.0.0, < 8.11.3 | 8.11.3 | Feb 9, 2024 | Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In t | ||
| CVE-2023-50290 | — | >= 9.0.0, < 9.3.0 | 9.3.0 | Jan 15, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the defaul | ||
| CVE-2021-29262 | — | < 8.8.2 | 8.8.2 | Apr 13, 2021 | When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and woul | ||
| CVE-2020-13957 | — | >= 6.6.0, < 8.6.3 | 8.6.3 | Oct 13, 2020 | Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to | ||
| CVE-2018-11802 | Med | 4.3 | >= 7.0.0, < 7.7.0 | 7.7.0 | Apr 1, 2020 | In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr | |
| CVE-2019-17558 | — | KEV | >= 5.0.0, < 8.4.0 | 8.4.0 | Dec 30, 2019 | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain rende | |
| CVE-2019-12409 | — | >= 8.1.1, < 8.3.0 | 8.3.0 | Nov 18, 2019 | The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will | ||
| CVE-2019-12401 | — | < 5.0.0 | 5.0.0 | Sep 10, 2019 | Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server | ||
| CVE-2019-0193 | — | KEV | < 8.2.0 | 8.2.0 | Aug 1, 2019 | In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow c | |
| CVE-2017-3164 | — | >= 1.3.0, < 7.7.0 | 7.7.0 | Mar 8, 2019 | Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. | ||
| CVE-2019-0192 | — | >= 5.0.0, < 7.0.0 | 7.0.0 | Mar 7, 2019 | In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on t | ||
| CVE-2018-8026 | — | >= 7.0.0, < 7.4.0 | 7.4.0 | Jul 5, 2018 | This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in thes | ||
| CVE-2018-8010 | — | >= 6.6.0, < 6.6.4 | 6.6.4 | May 21, 2018 | This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar w | ||
| CVE-2018-1308 | — | >= 1.2, < 6.6.3 | 6.6.3 | Apr 9, 2018 | This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files f |
- CVE-2026-22022Jan 21, 2026affected >= 5.3.0, < 9.10.1fixed 9.10.1
Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the fol
- CVE-2026-22444Jan 21, 2026affected >= 8.6.0, < 9.10.1fixed 9.10.1
The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting https://https:
- CVE-2025-24814Jan 27, 2025affected < 9.8.0fixed 9.8.0
Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization
- CVE-2024-52012Jan 27, 2025affected >= 6.6, < 9.8.0fixed 9.8.0
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use r
- CVE-2023-50291Feb 9, 2024affected >= 6.0.0, < 8.11.3fixed 8.11.3
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide
- CVE-2023-50292Feb 9, 2024affected >= 9.0.0, < 9.3.0fixed 9.3.0
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to
- CVE-2023-50386Feb 9, 2024affected >= 6.0.0, < 8.11.3fixed 8.11.3
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In t
- CVE-2023-50290Jan 15, 2024affected >= 9.0.0, < 9.3.0fixed 9.3.0
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the defaul
- CVE-2021-29262Apr 13, 2021affected < 8.8.2fixed 8.8.2
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and woul
- CVE-2020-13957Oct 13, 2020affected >= 6.6.0, < 8.6.3fixed 8.6.3
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to
- affected >= 7.0.0, < 7.7.0fixed 7.7.0
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr
- affected >= 5.0.0, < 8.4.0fixed 8.4.0
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain rende
- CVE-2019-12409Nov 18, 2019affected >= 8.1.1, < 8.3.0fixed 8.3.0
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will
- CVE-2019-12401Sep 10, 2019affected < 5.0.0fixed 5.0.0
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server
- affected < 8.2.0fixed 8.2.0
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow c
- CVE-2017-3164Mar 8, 2019affected >= 1.3.0, < 7.7.0fixed 7.7.0
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
- CVE-2019-0192Mar 7, 2019affected >= 5.0.0, < 7.0.0fixed 7.0.0
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on t
- CVE-2018-8026Jul 5, 2018affected >= 7.0.0, < 7.4.0fixed 7.4.0
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in thes
- CVE-2018-8010May 21, 2018affected >= 6.6.0, < 6.6.4fixed 6.6.4
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar w
- CVE-2018-1308Apr 9, 2018affected >= 1.2, < 6.6.3fixed 6.6.3
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files f
Page 1 of 2