The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade org.apache.solr:solr-core
to version 8.11.3, 9.4.1 or higher.
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene
Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor due to the use of a zkHost
parameter that allows users to extract data from other Solr Clouds. When the original SolrCloud is configured to use ZooKeeper credentials and ACLs, these credentials are sent to any zkHost
specified by the user. An attacker could exploit this by setting up a mock ZooKeeper server that accepts ZooKeeper requests with credentials and ACLs to extract sensitive information. Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions.