solr
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Open source enterprise search platform built on Apache Lucene |
| Version | 8.8.1-1 [community] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1808 | 8.8.1-1 | Medium | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-29943 | AVG-1808 | Medium | Yes | Authentication bypass | When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using... |
| CVE-2021-29262 | AVG-1808 | Medium | Yes | Information disclosure | When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing... |
| CVE-2021-27905 | AVG-1808 | Medium | Yes | Cross-site request forgery | The ReplicationHandler (normally registered at "/replication" under a Solr core) has a "masterUrl" (also "leaderUrl" alias) parameter that is used to... |