Remote Code Execution (RCE) Affecting org.apache.solr:solr-core package, versions [,7.1.0)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Remote Code Execution (RCE) vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-JAVA-ORGAPACHESOLR-1296115
  • published21 May 2021
  • disclosed21 May 2021
  • creditJan Hoydahl

Introduced: 21 May 2021

CVE NOT AVAILABLE CWE-94  (opens in a new tab)

How to fix?

Upgrade org.apache.solr:solr-core to version 7.1.0 or higher.

Overview

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Remote Code Execution (RCE). One can issue a HTTP request parameter stream.body which Solr will interpret as body content on the request, i.e. act as a POST request. This is useful for development and testing but can pose a security risk in production since users/clients with permission to GET on various endpoints can also post by using stream.body. The classic example is &stream.body=<delete><query>:</query></delete>. Furthermore, this feature cannot be turned off by configuration as it is not controlled by enableRemoteStreaming.

CVSS Scores

version 3.1