QID 980837
QID 980837: Java (maven) Security Update for org.apache.solr:solr-core (GHSA-vrh8-27q8-fr8f)
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-vrh8-27q8-fr8f for updates pertaining to this vulnerability.
Vendor References
- GHSA-vrh8-27q8-fr8f -
github.com/advisories/GHSA-vrh8-27q8-fr8f
CVEs related to QID 980837
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-vrh8-27q8-fr8f | org.apache.solr:solr-core |
|