Maven package
org.apache.solr/solr-parent
pkg:maven/org.apache.solr/solr-parent
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-44548 | — | < 8.11.1 | 8.11.1 | Dec 23, 2021 | An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may | ||
| CVE-2021-29943 | — | < 8.8.2 | 8.8.2 | Apr 13, 2021 | When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiv | ||
| CVE-2021-27905 | — | < 8.8.2 | 8.8.2 | Apr 13, 2021 | The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a | ||
| CVE-2020-13957 | — | >= 6.6.0, < 8.6.3 | 8.6.3 | Oct 13, 2020 | Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to | ||
| CVE-2020-13941 | — | < 8.6.0 | 8.6.0 | Aug 17, 2020 | Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBack | ||
| CVE-2018-11802 | Med | 4.3 | >= 7.0.0, < 7.7.0 | 7.7.0 | Apr 1, 2020 | In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr |
- CVE-2021-44548Dec 23, 2021affected < 8.11.1fixed 8.11.1
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may
- CVE-2021-29943Apr 13, 2021affected < 8.8.2fixed 8.8.2
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiv
- CVE-2021-27905Apr 13, 2021affected < 8.8.2fixed 8.8.2
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a
- CVE-2020-13957Oct 13, 2020affected >= 6.6.0, < 8.6.3fixed 8.6.3
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to
- CVE-2020-13941Aug 17, 2020affected < 8.6.0fixed 8.6.0
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBack
- affected >= 7.0.0, < 7.7.0fixed 7.7.0
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr