In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Remote Code Execution (RCE) vulnerabilities in an interactive lesson.
Start learningUpgrade org.apache.solr:solr-core
to version 7.1.0 or higher.
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene
Affected versions of this package are vulnerable to Remote Code Execution (RCE). One can issue a HTTP request parameter stream.body
which Solr will interpret as body content on the request, i.e. act as a POST request. This is useful for development and testing but can pose a security risk in production since users/clients with permission to GET on various endpoints can also post by using stream.body
. The classic example is &stream.body=<delete><query>:</query></delete>
. Furthermore, this feature cannot be turned off by configuration as it is not controlled by enableRemoteStreaming
.