solr

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Open source enterprise search platform built on Apache Lucene
Version 8.8.1-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-1808 8.8.1-1 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-29943 AVG-1808 Medium Yes Authentication bypass
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using...
CVE-2021-29262 AVG-1808 Medium Yes Information disclosure
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing...
CVE-2021-27905 AVG-1808 Medium Yes Cross-site request forgery
The ReplicationHandler (normally registered at "/replication" under a Solr core) has a "masterUrl" (also "leaderUrl" alias) parameter that is used to...