CVE-2021-28163

Improper Link Resolution Before File Access in maven/org.apache.solr/solr-core

Identifiers

CVE-2021-28163, GHSA-j6qj-j888-vvgq

Package Slug

maven/org.apache.solr/solr-core

Vulnerability

Improper Link Resolution Before File Access

Description

In Eclipse Jetty, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.

Affected Versions

Version 8.8.1

Solution

Upgrade to version 8.8.2 or above.

Last Modified

2021-09-20

source