solr

Description: Open source enterprise search platform built on Apache Lucene
Version: 8.11.1-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2622 | 8.11.0-1 | 8.11.0-2 | Critical | Fixed | FS#72975 |
| AVG-1808 | 8.8.1-1 | 8.8.2-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-44228 | AVG-2622 | Critical | Yes | Arbitrary code execution | Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI... |
| CVE-2021-29943 | AVG-1808 | Medium | Yes | Authentication bypass | When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using... |
| CVE-2021-29262 | AVG-1808 | Medium | Yes | Information disclosure | When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing... |
| CVE-2021-27905 | AVG-1808 | Medium | Yes | Cross-site request forgery | The ReplicationHandler (normally registered at "/replication" under a Solr core) has a "masterUrl" (also "leaderUrl" alias) parameter that is used to... |