org.apache.solr:solr-core@7.1.0 vulnerabilities
- latest version: 9.5.0
- latest non vulnerable version
- first published: 16 years ago
- latest version published: 3 months ago
- licenses detected
  - [1.3.0,)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.solr:solr-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to the use of a How to fix Exposure of Sensitive Information to an Unauthorized Actor? Upgrade | [6.0.0,8.11.3); [9.0.0,9.4.1) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type due to the Note: This vulnerability is most severe when Authorization is not enabled, which is strongly recommended against. With Authorization enabled it is limited to extending the Backup permissions with the ability to add libraries. How to fix Unrestricted Upload of File with Dangerous Type? Upgrade | [6.0.0,8.11.3); [9.0.0,9.4.1) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to system property redaction logic inconsistencies. An attacker can access sensitive information, such as credentials for basic authentication or AWS secret keys, by exploiting the How to fix Insufficiently Protected Credentials? Upgrade | [6.0.0,8.11.3); [9.0.0,9.3.0) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Improper Input Validation in How to fix Improper Input Validation? Upgrade | [0,8.11.1) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). The How to fix Server-Side Request Forgery (SSRF)? Upgrade | [,8.8.2) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Access Restriction Bypass. When using How to fix Access Restriction Bypass? Upgrade | [,8.8.2) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Information Exposure. When starting How to fix Information Exposure? Upgrade | [,8.8.2) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Remote Code Execution (RCE). Features considered dangerous (which could be used for remote code execution) can be configured in a How to fix Remote Code Execution (RCE)? Upgrade | [6.6.0,8.6.3) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Arbitrary File Access. The Replication handler allows commands backup, restore and deleteBackup that take an unvalidated location parameter, i.e. you could read/write to any location the Solr user can access. Launching SMB attacks which may result in the exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes). In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worst-case scenario, Remote Code Execution. How to fix Arbitrary File Access? Upgrade | [,8.6.0) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Authentication Bypass. In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr that use the default authorization mechanism of Solr How to fix Authentication Bypass? Upgrade | [6.0.0,6.6.6); [7.0.0,7.7.0) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. It is possible for an attacker to inject external entities through DataImportHandler's How to fix XML External Entity (XXE) Injection? Upgrade | [,8.2.0) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). The How to fix Server-side Request Forgery (SSRF)? Upgrade | [1.3.0,7.6.0) |
org.apache.solr:solr-core is an enterprise search platform written using Apache Lucene. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. It can be used as XXE using the How to fix XML External Entity (XXE) Injection? Upgrade | [,6.6.5); [7.0.0,7.4.0) |
org.apache.solr:solr-core is a text search engine library written in Java. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the How to fix XML External Entity (XXE) Injection? Upgrade | [6.0.0,6.6.4); [7.0.0,7.3.1) |