Max CVSS 9.0 Min CVSS 4.6 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-17558 4.6
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined
20-02-2022 - 06:42 30-12-2019 - 17:15
CVE-2019-0193 9.0
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH adm
30-07-2021 - 14:15 01-08-2019 - 14:15
CVE-2020-13941 6.5
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler ( allows commands
25-03-2021 - 01:15 17-08-2020 - 13:15
CVE-2017-3164 5.0
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to
09-12-2020 - 11:15 08-03-2019 - 21:29
CVE-2019-0192 7.5
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trig
09-12-2020 - 11:15 07-03-2019 - 21:29
Back to Top Mark selected
Back to Top