Known Vulnerabilities for Solr by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Solr" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-33813 | An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | 7.5 - HIGH | 2021-06-16 | 2023-11-07 |
| CVE-2021-29943 | When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy ... | 9.1 - CRITICAL | 2021-04-13 | 2021-06-08 |
| CVE-2021-29262 | When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACL... | 7.5 - HIGH | 2021-04-13 | 2023-11-07 |
| CVE-2021-28164 | In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e... | 5.3 - MEDIUM | 2021-04-01 | 2023-11-07 |
| CVE-2021-28163 | In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory tha... | 2.7 - LOW | 2021-04-01 | 2023-11-07 |
| CVE-2021-27905 | The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "lead... | 9.8 - CRITICAL | 2021-04-13 | 2023-11-07 |
| CVE-2020-26939 | In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a p... | 5.3 - MEDIUM | 2020-11-02 | 2023-11-07 |
| CVE-2020-13957 | Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which cou... | 9.8 - CRITICAL | 2020-10-13 | 2023-11-07 |
| CVE-2020-13941 | Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (h... | 8.8 - HIGH | 2020-08-17 | 2023-11-07 |
| CVE-2020-9492 | In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authoriza... | 8.8 - HIGH | 2021-01-26 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Solr | 8.6.3 | All | All | All |
| Application | Apache | Solr | 8.6.2 | All | All | All |
| Application | Apache | Solr | 8.6.1 | All | All | All |
| Application | Apache | Solr | 8.6.0 | All | All | All |
| Application | Apache | Solr | 8.5.2 | All | All | All |
| Application | Apache | Solr | 8.5.1 | All | All | All |
| Application | Apache | Solr | 8.5.0 | All | All | All |
| Application | Apache | Solr | 8.4.1 | All | All | All |
| Application | Apache | Solr | 8.4.0 | All | All | All |
| Application | Apache | Solr | 8.3.1 | All | All | All |
| Application | Apache | Solr | 8.3.0 | All | All | All |
| Application | Apache | Solr | 8.2.0 | All | All | All |
| Application | Apache | Solr | 8.1.1 | All | All | All |
| Application | Apache | Solr | 8.1.0 | All | All | All |
| Application | Apache | Solr | 8.0.0 | All | All | All |
| Application | Apache | Solr | 7.7.3 | All | All | All |
| Application | Apache | Solr | 7.7.2 | All | All | All |
| Application | Apache | Solr | 7.7.1 | All | All | All |
| Application | Apache | Solr | 7.7.0 | All | All | All |
| Application | Apache | Solr | 7.6.0 | All | All | All |