pkg:maven/org.apache.solr/solr-core
Type
maven
Namespace
org.apache.solr
Name
solr-core
Known advisories, vulnerabilities and fixes for org.apache.solr/solr-core package.
Critical
3
High
9
Moderate
12
Low
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 8.1.1, <= 8.2.0 |
CVE-2019-12409
|
MAVEN:GHSA-2289-PQFQ-6WX7 | Unrestricted upload of file with dangerous type in Apache Solr | critical |
2020-01-28T22:26:54
(4 years ago) |
|
Fixed | = 8.3.0 |
CVE-2019-12409
|
MAVEN:GHSA-2289-PQFQ-6WX7 | Unrestricted upload of file with dangerous type in Apache Solr | critical |
2020-01-28T22:26:54
(4 years ago) |
|
Affected | >= 9.0.0, < 9.4.1 >= 6.0.0, < 8.11.3 |
CVE-2023-50386
|
MAVEN:GHSA-37VR-VMG4-JWPW | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets | moderate |
2024-02-09T18:31:07
(7 months ago) |
|
Fixed | = 9.4.1 = 8.11.3 |
CVE-2023-50386
|
MAVEN:GHSA-37VR-VMG4-JWPW | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets | moderate |
2024-02-09T18:31:07
(7 months ago) |
|
Affected | >= 6.0.0, < 6.4.1 < 5.5.4 |
CVE-2017-3163
|
MAVEN:GHSA-387V-84CV-9QMC | Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core | high |
2018-10-18T16:40:43
(6 years ago) |
|
Fixed | = 6.4.1 = 5.5.4 |
CVE-2017-3163
|
MAVEN:GHSA-387V-84CV-9QMC | Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core | high |
2018-10-18T16:40:43
(6 years ago) |
|
Affected | < 8.2.0 |
CVE-2019-0193
|
MAVEN:GHSA-3GM7-V7VW-866C | XML External Entity (XXE) Injection in Apache Solr | high |
2019-08-01T19:17:35
(5 years ago) |
|
Fixed | = 8.2.0 |
CVE-2019-0193
|
MAVEN:GHSA-3GM7-V7VW-866C | XML External Entity (XXE) Injection in Apache Solr | high |
2019-08-01T19:17:35
(5 years ago) |
|
Affected | >= 9.0.0, < 9.3.0 >= 6.0.0, < 8.11.3 |
CVE-2023-50291
|
MAVEN:GHSA-3HWC-RQWP-V36Q | Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies | moderate |
2024-02-09T18:31:07
(7 months ago) |
|
Fixed | = 9.3.0 = 8.11.3 |
CVE-2023-50291
|
MAVEN:GHSA-3HWC-RQWP-V36Q | Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies | moderate |
2024-02-09T18:31:07
(7 months ago) |
|
Affected | >= 7.0.0, < 7.2.1 >= 1.2, < 6.6.3 |
CVE-2018-1308
|
MAVEN:GHSA-3PPH-2595-CGFH | There is a XML external entity expansion (XXE) vulnerability in Apache Solr | high |
2018-10-17T19:55:46
(6 years ago) |
|
Fixed | = 7.2.1 = 6.6.3 |
CVE-2018-1308
|
MAVEN:GHSA-3PPH-2595-CGFH | There is a XML external entity expansion (XXE) vulnerability in Apache Solr | high |
2018-10-17T19:55:46
(6 years ago) |
|
Affected | < 4.3.1 |
CVE-2013-6408
|
MAVEN:GHSA-45W3-2HVV-PFXQ | XML Injection in Apache Solr | moderate |
2022-05-17T04:39:49
(2 years ago) |
|
Fixed | = 4.3.1 |
CVE-2013-6408
|
MAVEN:GHSA-45W3-2HVV-PFXQ | XML Injection in Apache Solr | moderate |
2022-05-17T04:39:49
(2 years ago) |
|
Affected | >= 8.10.0, < 8.11.3 >= 9.0.0, < 9.3.0 |
CVE-2023-50292
|
MAVEN:GHSA-4WXW-42WX-2WFX | Apache Solr Schema Designer blindly "trusts" all configsets | low |
2024-02-09T18:31:07
(7 months ago) |
|
Fixed | = 8.11.3 = 9.3.0 |
CVE-2023-50292
|
MAVEN:GHSA-4WXW-42WX-2WFX | Apache Solr Schema Designer blindly "trusts" all configsets | low |
2024-02-09T18:31:07
(7 months ago) |
|
Affected | < 4.1.0 |
CVE-2012-6612
|
MAVEN:GHSA-6CPJ-3G83-Q2J4 | Improper Restriction of XML External Entity Reference in Apache Solr | high |
2022-05-17T04:50:16
(2 years ago) |
|
Fixed | = 4.1.0 |
CVE-2012-6612
|
MAVEN:GHSA-6CPJ-3G83-Q2J4 | Improper Restriction of XML External Entity Reference in Apache Solr | high |
2022-05-17T04:50:16
(2 years ago) |
|
Affected | >= 7.0.0, < 7.4.0 >= 6.0.0, < 6.6.5 |
CVE-2018-8026
|
MAVEN:GHSA-7PX3-6F6G-HXCJ | XML external entity expansion in org.apache.solr:solr-core | moderate |
2018-10-17T19:55:34
(6 years ago) |
|
Fixed | = 7.4.0 = 6.6.5 |
CVE-2018-8026
|
MAVEN:GHSA-7PX3-6F6G-HXCJ | XML external entity expansion in org.apache.solr:solr-core | moderate |
2018-10-17T19:55:34
(6 years ago) |
|
Affected | < 4.1.0 |
CVE-2013-6407
|
MAVEN:GHSA-998J-J6V9-5846 | Apache Solr UpdateRequestHandler for XML resolves XML External Entities | moderate |
2022-05-17T04:39:49
(2 years ago) |
|
Fixed | = 4.1.0 |
CVE-2013-6407
|
MAVEN:GHSA-998J-J6V9-5846 | Apache Solr UpdateRequestHandler for XML resolves XML External Entities | moderate |
2022-05-17T04:39:49
(2 years ago) |
|
Affected | >= 6.0.0, < 6.6.0 >= 5.3.0, < 5.5.5 |
CVE-2017-7660
|
MAVEN:GHSA-C82R-QG3W-Q5MV | Apache Solr insecure inter-node communication | high |
2022-05-14T01:56:08
(2 years ago) |
|
Fixed | = 6.6.0 = 5.5.5 |
CVE-2017-7660
|
MAVEN:GHSA-C82R-QG3W-Q5MV | Apache Solr insecure inter-node communication | high |
2022-05-14T01:56:08
(2 years ago) |
|
Affected | >= 6.2.0, < 6.6.1 |
CVE-2017-9803
|
MAVEN:GHSA-F553-J2GV-G5R9 | Apache Solr Kerberos delegation token functionality flaws | high |
2022-05-14T01:23:18
(2 years ago) |
|
Fixed | = 6.6.1 |
CVE-2017-9803
|
MAVEN:GHSA-F553-J2GV-G5R9 | Apache Solr Kerberos delegation token functionality flaws | high |
2022-05-14T01:23:18
(2 years ago) |
|
Affected | >= 9.0.0, < 9.3.0 |
CVE-2023-50290
|
MAVEN:GHSA-GG7W-PW2R-X2CQ | Apache Solr allows read access to host environmet variables | moderate |
2024-01-15T12:30:19
(8 months ago) |
|
Fixed | = 9.3.0 |
CVE-2023-50290
|
MAVEN:GHSA-GG7W-PW2R-X2CQ | Apache Solr allows read access to host environmet variables | moderate |
2024-01-15T12:30:19
(8 months ago) |
|
Affected | < 7.7.0 |
CVE-2018-11802
|
MAVEN:GHSA-J346-H5WC-RW2M | Incorrect Authorization in Apache Solr | moderate |
2022-02-09T23:19:26
(2 years ago) |
|
Fixed | = 7.7.0 |
CVE-2018-11802
|
MAVEN:GHSA-J346-H5WC-RW2M | Incorrect Authorization in Apache Solr | moderate |
2022-02-09T23:19:26
(2 years ago) |
|
Affected | < 4.6.0 |
CVE-2013-6397
|
MAVEN:GHSA-J8QW-MWMV-28CG | Improper Limitation of a Pathname to a Restricted Directory in Apache Solr | moderate |
2022-05-17T04:04:29
(2 years ago) |
|
Fixed | = 4.6.0 |
CVE-2013-6397
|
MAVEN:GHSA-J8QW-MWMV-28CG | Improper Limitation of a Pathname to a Restricted Directory in Apache Solr | moderate |
2022-05-17T04:04:29
(2 years ago) |
|
Affected | < 8.8.2 |
CVE-2021-29262
|
MAVEN:GHSA-JGCR-FG3G-QVW8 | Improper permission handling in Apache Solr | high |
2021-05-10T15:18:17
(3 years ago) |
|
Fixed | = 8.8.2 |
CVE-2021-29262
|
MAVEN:GHSA-JGCR-FG3G-QVW8 | Improper permission handling in Apache Solr | high |
2021-05-10T15:18:17
(3 years ago) |
|
Affected | < 5.0.0 |
CVE-2019-12401
|
MAVEN:GHSA-JQ2W-W7V2-69Q5 | Apache Solr vulnerable to XML Bomb | high |
2022-05-24T22:00:29
(2 years ago) |
|
Fixed | = 5.0.0 |
CVE-2019-12401
|
MAVEN:GHSA-JQ2W-W7V2-69Q5 | Apache Solr vulnerable to XML Bomb | high |
2022-05-24T22:00:29
(2 years ago) |
|
Affected | >= 5.5.0, < 5.5.5 >= 6.0.0, < 6.6.2 >= 7.0.0, < 7.1.0 |
CVE-2017-12629
|
MAVEN:GHSA-MH7G-99W9-XPJM | Remote code execution occurs in Apache Solr | critical |
2018-10-17T19:56:17
(6 years ago) |
|
Fixed | = 5.5.5 = 6.6.2 = 7.1.0 |
CVE-2017-12629
|
MAVEN:GHSA-MH7G-99W9-XPJM | Remote code execution occurs in Apache Solr | critical |
2018-10-17T19:56:17
(6 years ago) |
|
Affected | < 5.1.0 |
CVE-2015-8795
|
MAVEN:GHSA-MX2H-HF7J-2X3P | Improper Neutralization of Input During Web Page Generation in Apache Solr | moderate |
2022-05-17T03:59:03
(2 years ago) |
|
Fixed | = 5.1.0 |
CVE-2015-8795
|
MAVEN:GHSA-MX2H-HF7J-2X3P | Improper Neutralization of Input During Web Page Generation in Apache Solr | moderate |
2022-05-17T03:59:03
(2 years ago) |
|
Affected | >= 7.0.0, < 7.3.1 >= 6.6.0, < 6.6.4 |
CVE-2018-8010
|
MAVEN:GHSA-RC9V-H28F-JCMF | There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files | moderate |
2018-10-17T19:56:04
(6 years ago) |
|
Fixed | = 7.3.1 = 6.6.4 |
CVE-2018-8010
|
MAVEN:GHSA-RC9V-H28F-JCMF | There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files | moderate |
2018-10-17T19:56:04
(6 years ago) |
|
Affected | <= 5.3.0 |
CVE-2015-8797
|
MAVEN:GHSA-V6GF-X8FP-532V | Improper Neutralization of Input During Web Page Generation in Apache Solr | moderate |
2022-05-17T03:58:49
(2 years ago) |
|
Fixed | = 5.3.1 |
CVE-2015-8797
|
MAVEN:GHSA-V6GF-X8FP-532V | Improper Neutralization of Input During Web Page Generation in Apache Solr | moderate |
2022-05-17T03:58:49
(2 years ago) |
|
Affected | >= 1.30, <= 7.6.0 |
CVE-2017-3164
|
MAVEN:GHSA-VRH8-27Q8-FR8F | Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core | high |
2019-03-14T15:39:56
(5 years ago) |
|
Fixed | = 7.7.0 |
CVE-2017-3164
|
MAVEN:GHSA-VRH8-27Q8-FR8F | Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core | high |
2019-03-14T15:39:56
(5 years ago) |
|
Affected | >= 8.0.0, <= 8.3.1 >= 7.0.0, <= 7.7.2 >= 6.0.0, <= 6.6.6 >= 5.0.0, <= 5.5.5 |
CVE-2019-17558
|
MAVEN:GHSA-WW97-9W65-2CRX | Improper Input Validation in Apache Solr | moderate |
2020-02-12T18:45:28
(4 years ago) |
|
Fixed | = 8.4.0 |
CVE-2019-17558
|
MAVEN:GHSA-WW97-9W65-2CRX | Improper Input Validation in Apache Solr | moderate |
2020-02-12T18:45:28
(4 years ago) |
|
Affected | >= 6.0.0, <= 6.6.5 >= 5.0.0, <= 5.5.5 |
CVE-2019-0192
|
MAVEN:GHSA-XHCQ-FV7X-GRR2 | Critical severity vulnerability that affects org.apache.solr:solr-core | critical |
2019-03-14T15:39:45
(5 years ago) |
|
Fixed | = 7.0.0 |
CVE-2019-0192
|
MAVEN:GHSA-XHCQ-FV7X-GRR2 | Critical severity vulnerability that affects org.apache.solr:solr-core | critical |
2019-03-14T15:39:45
(5 years ago) |