CVE-2012-6612: Improper Restriction of XML External Entity Reference in Apache Solr
(updated )
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
References
- rhn.redhat.com/errata/RHSA-2013-1844.html
- rhn.redhat.com/errata/RHSA-2014-0029.html
- svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
- github.com/advisories/GHSA-6cpj-3g83-q2j4
- github.com/apache/lucene-solr/commit/0d21b900975b7048d2e925d852aeacb9bdc6766c
- github.com/apache/lucene-solr/commit/f230486ce6707762c1a6e81655d0fac52887906d
- issues.apache.org/jira/browse/SOLR-3895
- nvd.nist.gov/vuln/detail/CVE-2012-6612
Detect and mitigate CVE-2012-6612 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →