CVE-2021-27905
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-27905
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27905.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-27905
- Aliases
- Related
- Published
- 2021-04-13T07:15:12Z
- Modified
- 2024-09-18T03:15:09.040275Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.
- References
-
- https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210611-0009/
- https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
- https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
- https://lists.apache.org/thread.html/r6ccec7fc54d82591b23c143f1f6a6e38f6e03e75db70870e4cb14a1a%40%3Ccommits.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r720a4a0497fc90bad5feec8aa18b777912ee15c7eeb5f882adbf523e%40%3Ccommits.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r78a3a4f1138a1608b0c6d4a2ee7647848c1a20b0d5c652cd9b02c25a%40%3Ccommits.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r8f1152a43c36d878bbeb5a92f261e9efaf3af313b033d7acfccea59d%40%3Cnotifications.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
- https://lists.apache.org/thread.html/rae9ccaecce9859f709ed1458545d90a4c07163070dc98b5e9e59057f%40%3Cnotifications.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/rd232d77c57a8ce172359ab098df9512d8b37373ab87c444be911b430%40%3Cnotifications.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/re9d64bb8e5dfefddcbf255adb4559e13a0df5b818da1b9b51329723f%40%3Cnotifications.ofbiz.apache.org%3E
- https://security-tracker.debian.org/tracker/CVE-2021-27905
Affected packages
Debian:11 / lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/debian/lucene-solr?arch=source
Debian:12 / lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/debian/lucene-solr?arch=source
Debian:13 / lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/debian/lucene-solr?arch=source
Git / github.com/apache/lucene-solr
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/lucene-solr
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
grafts/lucene-oldest
grafts/lucene-solr-copy
grafts/lucene-solr-oldest-merged
grafts/solr-incubator-latest
grafts/solr-incubator-oldest
grafts/solr-latest
grafts/solr-oldest
history/branches/lucene-solr/LUCENE-5622
history/branches/lucene-solr/LUCENE2793
history/branches/lucene-solr/cleanup2878
history/branches/lucene-solr/docvalues
history/branches/lucene-solr/jira/lucene-5438-nrt-replication
history/branches/lucene-solr/lucene-6835
history/branches/lucene-solr/lucene-6997
history/branches/lucene-solr/lucene2510
history/branches/lucene-solr/lucene2858
history/branches/lucene-solr/lucene3069
history/branches/lucene-solr/lucene3312
history/branches/lucene-solr/lucene3606
history/branches/lucene-solr/lucene3661
history/branches/lucene-solr/lucene3795_lsp_spatial_module
history/branches/lucene-solr/lucene3846
history/branches/lucene-solr/lucene3969
history/branches/lucene-solr/lucene4055
history/branches/lucene-solr/lucene4199
history/branches/lucene-solr/lucene4236
history/branches/lucene-solr/lucene4335
history/branches/lucene-solr/lucene4446
history/branches/lucene-solr/lucene4547
history/branches/lucene-solr/lucene4765
history/branches/lucene-solr/lucene5178
history/branches/lucene-solr/lucene5207
history/branches/lucene-solr/lucene5339
history/branches/lucene-solr/lucene539399
history/branches/lucene-solr/lucene5468
history/branches/lucene-solr/lucene5487
history/branches/lucene-solr/lucene5493
history/branches/lucene-solr/lucene5611
history/branches/lucene-solr/lucene5666
history/branches/lucene-solr/lucene5675
history/branches/lucene-solr/lucene5752
history/branches/lucene-solr/lucene5858
history/branches/lucene-solr/lucene5969
history/branches/lucene-solr/lucene5995
history/branches/lucene-solr/lucene6196
history/branches/lucene-solr/lucene6238
history/branches/lucene-solr/lucene6271
history/branches/lucene-solr/lucene6299
history/branches/lucene-solr/lucene6487
history/branches/lucene-solr/pforcodec_3892
history/branches/lucene-solr/preflexfixes
history/branches/lucene-solr/realtime_search
history/branches/lucene-solr/slowclosing
history/branches/lucene-solr/solr2452
history/branches/lucene-solr/solr3733
history/branches/lucene-solr/solr5914
history/branches/lucene-solr/solr7787
releases/lucene-solr/8.*
releases/lucene-solr/8.8.0
releases/lucene-solr/8.8.1