CVE-2020-13957

Missing Authorization in maven/org.apache.solr/solr-core

Identifiers

CVE-2020-13957

Package Slug

maven/org.apache.solr/solr-core

Vulnerability

Missing Authorization

Description

Apache Solr prevents some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.

Affected Versions

All versions starting from 6.6.0 up to 6.6.6, all versions starting from 7.0.0 up to 7.7.3, all versions starting from 8.0.0 up to 8.6.2

Solution

Upgrade to version 8.6.3 or above.

Last Modified

2020-10-21
