solr

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Open source enterprise search platform built on Apache Lucene
Version	9.7.0-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2622	8.11.0-1	8.11.0-2	Critical	Fixed	FS#72975
AVG-1808	8.8.1-1	8.8.2-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-44228	AVG-2622	Critical	Yes	Arbitrary code execution	Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI...
CVE-2021-29943	AVG-1808	Medium	Yes	Authentication bypass	When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using...
CVE-2021-29262	AVG-1808	Medium	Yes	Information disclosure	When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing...
CVE-2021-27905	AVG-1808	Medium	Yes	Cross-site request forgery	The ReplicationHandler (normally registered at "/replication" under a Solr core) has a "masterUrl" (also "leaderUrl" alias) parameter that is used to...