...
Security Announcements
...
For each CVE listed below, please be sure to read the mailing list announcement for full details and mitigation steps.
Date | CVE | Title | Impacted Versions | Mitigation | Links |
---|---|---|---|---|---|
2019-11-18 | CVE-2019-12409 | RCE vulnerability due to bad config default | 8.1.1-8.2.0 | Can be mitigated with either a Solr upgrade or a configuration change. | Jira issue: SOLR-13647 |
2019-09-09 | CVE-2019-12401 | XML Bomb in Apache Solr versions prior to 5.0 | 1.3.0-1.4.1, 3.1.0-3.6.2, 4.0.0-4.10.4 | Can only be mitigated with a Solr upgrade. | Jira issue: SOLR-13750 |
2019-07-31 | CVE-2019-0193 | Remote Code Execution via DataImportHandler | all up to 8.2.0 | Can be mitigated with either a Solr upgrade or a configuration change. | Jira issue: SOLR-13669 |
2019-03-06 | CVE-2019-0192 | Deserialization of untrusted data via jmx.serviceUrl | 5.0.0-5.5.5, 6.0.0-6.6.5 | Can be mitigated with either a Solr upgrade or a configuration change. | Jira issue: SOLR-13301 |
2019-02-12 | CVE-2017-3164 | SSRF issue in Apache Solr | 1.3.0-7.6.0 | Can only be mitigated with a Solr upgrade. | Jira issue: SOLR-12770 |
2018-04-08 | CVE-2018-1308 | XXE attack through DIH's dataConfig request parameter | 1.2-6.6.2, 7.0.0-7.2.1 | Can be mitigated with either a Solr upgrade or a configuration change. | Jira issue: SOLR-11971 |
2017-10-26 | CVE-2016-6809 | Arbitrary Code Execution Vulnerability in Apache Tika | 1.2-6.6.1, 7.0 | This vulnerability affects Apache Tika versions earlier than 1.14. A Tika dependency update was released in Solr 6.6.2 and Solr 7.1. Can only be mitigated with a Solr upgrade. | Jira issue: SOLR-10335 |
2017-10-18 | CVE-2017-12629 | Several XXE & RCE vulnerabilities in Apache Solr | 5.5.0-5.5.4, 6.0.0-6.6.1, 7.0.0-7.0.1 | Can be mitigated with either a Solr upgrade or a configuration change. | Jira issues: SOLR-11482 and SOLR-11477 |
2017-09-18 | CVE-2017-9803 | Vulnerability in Kerberos delegation token functionality | 6.2.0-6.6.0 | Can only be mitigated with a Solr upgrade. | Jira issue: SOLR-11184 |
2017-07-07 | CVE-2017-7660 | Vulnerability in secure inter-node communication | 5.3.0-5.5.4, 6.0.0-6.5.1 | Can only be mitigated with a Solr upgrade. | Jira issue: SOLR-10624 |
2017-02-15 | CVE-2017-3163 | ReplicationHandler path traversal attack | 1.4.0-6.4.0 | Can only be mitigated with a Solr upgrade. | Jira issue: SOLR-10031 |
...
Warning |
---|
If you believe you have discovered a vulnerability in Lucene or Solr, please follow these ASF guidelines for reporting it. |
...