CVE-2021-27905

Source
https://cve.org/CVERecord?id=CVE-2021-27905
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27905.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-27905
Aliases
Downstream
Published
2021-04-13T07:15:12.137Z
Modified
2026-04-10T04:30:45.062875Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent an SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

References

Affected packages

Git / github.com/apache/lucene-solr

Affected ranges

Type
GIT
Repo
https://github.com/apache/lucene-solr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.8.2"
        }
    ]
}

Affected versions

Other
grafts/lucene-oldest
grafts/lucene-solr-copy
grafts/lucene-solr-oldest-merged
history/branches/lucene-solr/lucene-6997
releases/lucene-solr/8.*
releases/lucene-solr/8.8.0
releases/lucene-solr/8.8.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27905.json"