CVE-2021-27905: Server-Side Request Forgery (SSRF)
The ReplicationHandler (normally registered at /replication under a Solr core) in Apache Solr has a masterUrl parameter (with leaderUrl as an alias) that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent an SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the shards parameter.
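
The check described above can be sketched as an allowlist test on the masterUrl/leaderUrl value, applied here to request logs to find replication requests that name an unexpected leader. This is an added example, not Solr's code or the advisory's; the log line shape, the allowlist entries and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allowlist of host:port pairs permitted as replication leaders
# (hypothetical values, in the spirit of the shards configuration).
ALLOWED_LEADERS = {"solr-leader.internal.example:8983"}

# Assumed request-log shape: "... path=/replication params={k=v&k=v} ..."
REQUEST_RE = re.compile(r"path=(?P<path>\S+)\s+params=\{(?P<params>[^}]*)\}")

def leader_url_allowed(url, allowed=ALLOWED_LEADERS):
    """True only if url is http(s) and its host:port is on the allowlist."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    # hostname is lowercased and excludes any userinfo ("user@") prefix
    return f"{parts.hostname}:{port}" in allowed

def flag_replication_requests(log_lines, allowed=ALLOWED_LEADERS):
    """Return (line_number, param, url) for each replication request whose
    masterUrl/leaderUrl points outside the allowlist."""
    findings = []
    for lineno, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m or not m.group("path").endswith("/replication"):
            continue
        params = parse_qs(m.group("params"), keep_blank_values=True)
        for name in ("masterUrl", "leaderUrl"):
            for url in params.get(name, []):
                if not leader_url_allowed(url, allowed):
                    findings.append((lineno, name, url))
    return findings

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "INFO [core1] webapp=/solr path=/replication params={masterUrl=http://solr-leader.internal.example:8983/solr/core1} status=0",
    "INFO [core1] webapp=/solr path=/replication params={masterUrl=http://192.0.2.10:8080/} status=0",
    "INFO [core1] webapp=/solr path=/replication params={leaderUrl=http://solr-leader.internal.example:8983@198.51.100.7/} status=0",
    "INFO [core1] webapp=/solr path=/select params={q=*:*} status=0",
]

if __name__ == "__main__":
    for finding in flag_replication_requests(SAMPLE_LOG):
        print(finding)
```

The comparison is made on the parsed host and port rather than on a substring of the URL, which is why the third sample line is flagged even though the allowlisted name appears in it.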