CVE-2020-13957: Missing Authorization
Apache Solr prevents some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that’s uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.