Homepage
About Snyk

org.apache.solr:solr-velocity@4.0.0-ALPHA vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.solr:solr-velocity package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Directory Traversal

org.apache.solr:solr-velocity is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Directory Traversal. In SolrResourceLoader attackers are able to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML External Entity) vulnerability to allow access to files across restricted network boundaries.

How to fix Directory Traversal?

Upgrade org.apache.solr:solr-velocity to version 4.6.0 or higher.

[,4.6.0)
Go back to all versions of this package