Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JAVA-ORGAPACHESOLR-536063
- published 10 Oct 2019
- disclosed 31 Jul 2019
- credit Unknown
How to fix?
org.apache.solr:solr-core to version 8.2.0 or higher.
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. It is possible for an attacker to inject external entities through DataImportHandler's
dataConfig parameter which is used for setting the whole DIH configuration when using debug mode of the DIH admin screen.