org.apache.solr:solr-core@4.0.0-ALPHA vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.solr:solr-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Denial of Service (DoS)

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Denial of Service (DoS) via the update handler. Exploiting this vulnerability is possible by leveraging XML DOCTYPE and ENTITY type elements when the attacker can create a pattern that will expand while the server parses the XML.

How to fix Denial of Service (DoS)?

Upgrade org.apache.solr:solr-core to version 5.0.0 or higher.

[,5.0.0)
  • M
Improper Input Validation

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Improper Input Validation in DataImportHandler, which allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in the exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes). In case of misconfigured systems, SMB relay attacks can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution.

How to fix Improper Input Validation?

Upgrade org.apache.solr:solr-core to version 8.11.1 or higher.

[0,8.11.1)
  • M
Remote Code Execution (RCE)

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Remote Code Execution (RCE). One can issue a HTTP request parameter stream.body which Solr will interpret as body content on the request, i.e. act as a POST request. This is useful for development and testing but can pose a security risk in production since users/clients with permission to GET on various endpoints can also post by using stream.body. The classic example is &stream.body=<delete><query>:</query></delete>. Furthermore, this feature cannot be turned off by configuration as it is not controlled by enableRemoteStreaming.

How to fix Remote Code Execution (RCE)?

Upgrade org.apache.solr:solr-core to version 7.1.0 or higher.

[,7.1.0)
  • H
Server-Side Request Forgery (SSRF)

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). The ReplicationHandler (normally registered at /replication under a Solr core) has a masterUrl (also leaderUrl alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. These parameters are not checked against a similar configuration it uses for the shards parameter.

How to fix Server-Side Request Forgery (SSRF)?

Upgrade org.apache.solr:solr-core to version 8.8.2 or higher.

[,8.8.2)
  • M
Access Restriction Bypass

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Access Restriction Bypass. When using ConfigurableInternodeAuthHadoopPlugin for authentication, Solr forwards/proxies distributed requests using server credentials instead of original client credentials. This results in incorrect authorization resolution on the receiving hosts.

How to fix Access Restriction Bypass?

Upgrade org.apache.solr:solr-core to version 8.8.2 or higher.

[,8.8.2)
  • L
Information Exposure

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Information Exposure. When starting Solr, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.

How to fix Information Exposure?

Upgrade org.apache.solr:solr-core to version 8.8.2 or higher.

[,8.8.2)
  • M
Arbitrary File Access

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Arbitrary File Access. The Replication handler allows commands backup, restore and deleteBackup that take unvalidated alocation parameter, i.e you could read/write to any location the solr user can access. Launching SMB attacks which may result in the exfiltration of sensitive data such as OS user hashes (NTLM/LMhashes). In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution.

How to fix Arbitrary File Access?

Upgrade org.apache.solr:solr-core to version 8.6.0 or higher.

[,8.6.0)
  • H
XML External Entity (XXE) Injection

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. It is possible for an attacker to inject external entities through DataImportHandler's dataConfig parameter which is used for setting the whole DIH configuration when using debug mode of the DIH admin screen.

How to fix XML External Entity (XXE) Injection?

Upgrade org.apache.solr:solr-core to version 8.2.0 or higher.

[,8.2.0)
  • M
Server-side Request Forgery (SSRF)

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). The shards parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

How to fix Server-side Request Forgery (SSRF)?

Upgrade org.apache.solr:solr-core to version 7.6.0 or higher.

[1.3.0,7.6.0)
  • M
XML External Entity (XXE) Injection

org.apache.solr:solr-core is an enterprise search platform written using Apache Lucene.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. It can be used as XXE using the file/ftp/http protocols in order to read arbitrary local files from the server or the internal network. The manipulated files can be uploaded as config sets using solr's API, allowing to exploit that vulnerability.

How to fix XML External Entity (XXE) Injection?

Upgrade org.apache.solr:solr-core to versions 6.6.5, 7.4 or higher.

[,6.6.5) [7.0.0,7.4.0)
  • H
Directory Traversal

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene.

Affected versions of this package are vulnerable to Directory Traversal attacks. The Index Replication feature supports an HTTP API, but does not validate the file_name parameter, which is supplied by the user. An attacker can craft a special request and read any file on the server.

[1.4.0,5.5.4) [6.0.0,6.4.1)
  • M
XML External Entity (XXE) Injection

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene.

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

[3.6.1,4.1.0)
  • M
XML External Entity (XXE) Injection

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene.

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.

[,4.3.1)
  • H
XML External Entity (XXE) Injection

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene.

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

[,4.1.0)
  • M
Directory Traversal

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Directory Traversal. In SolrResourceLoader attackers are able to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML External Entity) vulnerability to allow access to files across restricted network boundaries.

How to fix Directory Traversal?

Upgrade org.apache.solr:solr-core to version 4.6.0 or higher.

[,4.6.0)