CVE-2021-27905
maven/org.apache.solr/solr-core
Server-Side Request Forgery (SSRF)
The ReplicationHandler (normally registered at /replication under a Solr core) in Apache Solr has a masterUrl (also leaderUrl alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent an SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the shards parameter.
All versions before 8.8.2
Upgrade to version 8.8.2 or above.
2021-04-28
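
For deployments still being upgraded, the following added example (not part of the advisory or of Solr's code) scans access-log lines for /replication requests whose masterUrl or leaderUrl points at a host outside an expected set. The allow-list contents, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts this deployment legitimately replicates from (host:port).
ALLOWED_LEADERS = {"solr-leader.example.internal:8983"}
URL_PARAMS = ("masterUrl", "leaderUrl")  # parameter names from the advisory

# Constructed sample lines in common access-log format, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Apr/2021:10:00:01 +0000] "GET /solr/core1/replication?masterUrl=http%3A%2F%2Fsolr-leader.example.internal%3A8983%2Fsolr%2Fcore1%2Freplication HTTP/1.1" 200 120
10.0.0.9 - - [28/Apr/2021:10:00:07 +0000] "GET /solr/core1/replication?leaderUrl=http%3A%2F%2F192.0.2.10%3A8080%2F HTTP/1.1" 200 98
10.0.0.9 - - [28/Apr/2021:10:00:09 +0000] "GET /solr/core1/select?q=*%3A* HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def destination(url):
    """Return 'host:port' for a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return f"{(parts.hostname or '').lower()}:{port}"

def find_unexpected_replication_targets(log_text, allowed=ALLOWED_LEADERS):
    """List (client, parameter, destination) for non-allow-listed targets."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        req = urlsplit(target)
        # Only the ReplicationHandler path is of interest here.
        if not req.path.rstrip("/").endswith("/replication"):
            continue
        params = parse_qs(req.query)  # percent-decodes the values
        for name in URL_PARAMS:
            for value in params.get(name, []):
                dest = destination(value)
                if dest not in allowed:
                    findings.append((client, name, dest))
    return findings

if __name__ == "__main__":
    for client, name, dest in find_unexpected_replication_targets(SAMPLE_LOG):
        print(f"{client} sent {name} pointing at non-allow-listed {dest}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers query-string requests.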