org.apache.solr:solr-core@5.2.1 vulnerabilities
- latest version: 9.7.0
- latest non vulnerable version:
- first published: 16 years ago
- latest version published: a month ago
- licenses detected: [1.3.0,)
- package manager:

Direct Vulnerabilities
Known vulnerabilities in the org.apache.solr:solr-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Improper Input Validation in How to fix Improper Input Validation? Upgrade | [0,8.11.1) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Remote Code Execution (RCE). One can issue an HTTP request parameter How to fix Remote Code Execution (RCE)? Upgrade | [,7.1.0) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). The How to fix Server-Side Request Forgery (SSRF)? Upgrade | [,8.8.2) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Access Restriction Bypass. When using How to fix Access Restriction Bypass? Upgrade | [,8.8.2) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Information Exposure. When starting How to fix Information Exposure? Upgrade | [,8.8.2) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Arbitrary File Access. The Replication handler allows the commands backup, restore and deleteBackup, which take an unvalidated location parameter, i.e. you could read/write to any location the solr user can access. This also permits SMB attacks, which may result in the exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes) and, on misconfigured systems, SMB Relay Attacks, which can lead to user impersonation on SMB shares or, in a worst-case scenario, Remote Code Execution. How to fix Arbitrary File Access? Upgrade | [,8.6.0) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. It is possible for an attacker to inject external entities through DataImportHandler's How to fix XML External Entity (XXE) Injection? Upgrade | [,8.2.0) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). The How to fix Server-side Request Forgery (SSRF)? Upgrade | [1.3.0,7.6.0) |
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. ConfigAPI allows to set a How to fix Deserialization of Untrusted Data? Upgrade | [5.0.0,7.0.0) |
org.apache.solr:solr-core is an enterprise search platform written using Apache Lucene. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. It can be used as XXE using the How to fix XML External Entity (XXE) Injection? Upgrade | [,6.6.5); [7.0.0,7.4.0) |
Affected versions of this package are vulnerable to Directory Traversal attacks. The Index Replication feature supports an HTTP API, but does not validate the | [1.4.0,5.5.4); [6.0.0,6.4.1) |