CVE-2020-27223

Uncontrolled Resource Consumption in maven/org.apache.solr/solr-core

Identifiers

CVE-2020-27223, GHSA-m394-8rww-3jr7

Package Slug

maven/org.apache.solr/solr-core

Vulnerability

Uncontrolled Resource Consumption

Description

When Jetty handles a request containing multiple Accept headers with a large number of quality (i.e., q) parameters, the server may enter a denial of service (DoS) state: processing those quality values causes high CPU usage and can exhaust minutes of CPU time.
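
A request pre-check for the pattern described above, as an added example that is not part of the advisory or of Jetty or Solr code: it counts Accept header lines and q parameters in a raw request head so a proxy or log pipeline can flag outliers before they reach the server. The limits, function names and sample requests are assumptions constructed for illustration.

```python
import re

# Assumed limits for illustration only; the advisory gives no thresholds.
MAX_ACCEPT_LINES = 4
MAX_Q_PARAMS = 32

# Matches the start of a quality parameter: ";q=", "; Q =", etc.
Q_PARAM = re.compile(r";\s*q\s*=", re.IGNORECASE)


def parse_header_lines(raw_request):
    """Return (name, value) pairs from a raw HTTP/1.x request head.
    Duplicate header lines are kept, since the advisory concerns
    requests carrying several Accept headers."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def accept_findings(raw_request, max_lines=MAX_ACCEPT_LINES, max_q=MAX_Q_PARAMS):
    """Single linear pass: count Accept lines and q parameters, and
    report which assumed limit (if any) the request exceeds."""
    values = [v for n, v in parse_header_lines(raw_request) if n == "accept"]
    q_total = sum(len(Q_PARAM.findall(v)) for v in values)
    findings = []
    if len(values) > max_lines:
        findings.append(f"accept-lines={len(values)}")
    if q_total > max_q:
        findings.append(f"q-params={q_total}")
    return findings


# Constructed sample requests (not captured traffic).
NORMAL = ("GET / HTTP/1.1\r\nHost: solr.example\r\n"
          "Accept: text/html,application/xml;q=0.9,*/*;q=0.8\r\n\r\n")
REPEATED = ("GET / HTTP/1.1\r\nHost: solr.example\r\n"
            + "accept: a/b;q=0.1, c/d; Q = 0.2\r\n" * 20 + "\r\n")

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("repeated", REPEATED)):
        print(label, accept_findings(req) or "ok")
```

The check only counts and never sorts or parses the quality values, so it stays cheap on the inputs it is meant to flag. It is a detection aid; the remedy remains the upgrade listed under Solution.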

Affected Versions

Version 8.8.1

Solution

Upgrade to version 8.8.2 or above.

Last Modified

2021-09-20
