Max CVSS | 9.0 | Min CVSS | 4.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2019-17558 | 4.6 | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined | 25-07-2024 - 14:32 | 30-12-2019 - 17:15 |
CVE-2019-0193 | 9.0 | In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH adm | 24-07-2024 - 17:08 | 01-08-2019 - 14:15 |
CVE-2020-13941 | 6.5 | Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands | 25-03-2021 - 01:15 | 17-08-2020 - 13:15 |
CVE-2017-3164 | 5.0 | Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to | 09-12-2020 - 11:15 | 08-03-2019 - 21:29 |
CVE-2019-0192 | 7.5 | In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trig | 09-12-2020 - 11:15 | 07-03-2019 - 21:29 |