VYPR

Maven package

org.apache.solr/solr-parent

pkg:maven/org.apache.solr/solr-parent

Vulnerabilities (6)

  • CVE-2021-44548Dec 23, 2021
    affected < 8.11.1fixed 8.11.1

    An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may

  • CVE-2021-29943Apr 13, 2021
    affected < 8.8.2fixed 8.8.2

    When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiv

  • CVE-2021-27905Apr 13, 2021
    affected < 8.8.2fixed 8.8.2

    The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a

  • CVE-2020-13957Oct 13, 2020
    affected >= 6.6.0, < 8.6.3fixed 8.6.3

    Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to

  • CVE-2020-13941Aug 17, 2020
    affected < 8.6.0fixed 8.6.0

    Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBack

  • CVE-2018-11802MedApr 1, 2020
    affected >= 7.0.0, < 7.7.0fixed 7.7.0

    In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr