Vulnerability	Vulnerable Version
M Directory Traversal org.apache.solr:solr-velocity is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Directory Traversal. In `SolrResourceLoader` attackers are able to read arbitrary files via a `..` (dot dot) or full pathname in the `tr` parameter to `solr/select/`, when the response writer (`wt` parameter) is set to `XSLT`. NOTE: this can be leveraged using a separate XXE (XML External Entity) vulnerability to allow access to files across restricted network boundaries. How to fix Directory Traversal? Upgrade `org.apache.solr:solr-velocity` to version 4.6.0 or higher.	[,4.6.0)

Directory Traversal

org.apache.solr:solr-velocity is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Directory Traversal. In SolrResourceLoader attackers are able to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML External Entity) vulnerability to allow access to files across restricted network boundaries.

How to fix Directory Traversal?

Upgrade org.apache.solr:solr-velocity to version 4.6.0 or higher.

[,4.6.0)

Go back to all versions of this package