CVE-2021-27905

Server-Side Request Forgery (SSRF) in maven/org.apache.solr/solr-core

Identifiers

CVE-2021-27905

Package Slug

maven/org.apache.solr/solr-core

Vulnerability

Server-Side Request Forgery (SSRF)

Description

The ReplicationHandler (normally registered at /replication under a Solr core) in Apache Solr has a masterUrl parameter (with a leaderUrl alias) that designates a ReplicationHandler on another Solr core from which index data is replicated into the local core. To prevent an SSRF vulnerability, Solr ought to check these parameters against a configuration similar to the one it uses for the shards parameter.
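The check described above can also be applied to request logs to find /replication calls that named a leader outside an expected set. The following is an added example, not code from Solr or from this advisory; the allow-list contents, the NCSA-style log format and all sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: host:port pairs that legitimately act as replication leaders.
ALLOWED_LEADERS = {"solr-leader.example.internal:8983"}
URL_PARAMS = ("masterUrl", "leaderUrl")  # parameter names from the advisory
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in NCSA-style request-log form (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [28/Apr/2021:10:00:01 +0000] "GET /solr/core1/replication?masterUrl=http%3A%2F%2Fsolr-leader.example.internal%3A8983%2Fsolr%2Fcore1%2Freplication HTTP/1.1" 200 120
10.0.0.9 - - [28/Apr/2021:10:00:07 +0000] "GET /solr/core1/replication?leaderUrl=http%3A%2F%2Funlisted.example.net%2Fsolr%2Fcore1 HTTP/1.1" 200 98
10.0.0.9 - - [28/Apr/2021:10:00:09 +0000] "GET /solr/core1/select?q=*%3A* HTTP/1.1" 200 512
10.0.0.7 - - [28/Apr/2021:10:00:12 +0000] "GET /solr/core1/replication?masterUrl=leader-without-scheme HTTP/1.1" 400 64
"""

def leader_allowed(url):
    """True only for http(s) URLs whose host:port is on the allow-list."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    port = port or (443 if parts.scheme == "https" else 80)
    return f"{parts.hostname}:{port}" in ALLOWED_LEADERS

def flag_replication_requests(log_text):
    """Return (client, param, url) for /replication requests naming an unlisted leader."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.rstrip("/").endswith("/replication"):
            continue
        params = parse_qs(parts.query)  # percent-decodes the values
        for name in URL_PARAMS:
            for url in params.get(name, []):
                if not leader_allowed(url):
                    findings.append((client, name, url))
    return findings

if __name__ == "__main__":
    for finding in flag_replication_requests(SAMPLE_LOG):
        print(finding)
```

Parameters sent in a POST body do not appear in a request log, so this covers query-string use only.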

Affected Versions

All versions before 8.8.2

Solution

Upgrade to version 8.8.2 or above.

Last Modified

2021-04-28
