Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solr vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2018-11802
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr ...
Apache Solr
6.1
CVSSv3
CVE-2015-8796
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr prior to 5.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted schema-browse URL.
Apache Solr
6.1
CVSSv3
CVE-2015-8797
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr prior to 5.3.1 allows remote malicious users to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI.
Apache Solr
7.5
CVSSv3
CVE-2023-50298
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 up to and including 8.11.2, from 9.0.0 prior to 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "...
Apache Solr
8.8
CVSSv3
CVE-2023-50386
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 up to and including 8.11.2, from 9.0.0 prior t...
Apache Solr
1 Github repository
7.5
CVSSv3
CVE-2021-29262
When starting Apache Solr versions before 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would ...
Apache Solr
7.5
CVSSv3
CVE-2023-50291
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 up to and including 8.11.2, from 9.0.0 prior to 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was ...
Apache Solr
7.5
CVSSv3
CVE-2017-3164
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
Apache Solr
1 Github repository
7.2
CVSSv3
CVE-2019-0193
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses ...
Apache Solr
10 Github repositories
8.8
CVSSv3
CVE-2020-13941
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBack...
Apache Solr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »