CVE-2019-0192

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-0192
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0192.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-0192
Aliases
Published
2019-03-07T21:29:00Z
Modified
2024-05-29T23:11:11Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

References

Affected packages

Git / github.com/apache/lucene-solr

Affected ranges