CVE-2013-6397: Path Traversal

December 7, 2013 (updated October 23, 2015)

Directory traversal vulnerability in SolrResourceLoader in Apache Solr allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT.

References

bugzilla.redhat.com/CVE-2013-6397

Detect and mitigate CVE-2013-6397 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →