GHSA-ww97-9w65-2crx

Source
https://github.com/advisories/GHSA-ww97-9w65-2crx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/02/GHSA-ww97-9w65-2crx/GHSA-ww97-9w65-2crx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-ww97-9w65-2crx
Aliases
Published
2020-02-12T18:45:28Z
Modified
2024-07-25T20:55:48.082465Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Input Validation in Apache Solr
Details

Apache Solr 5.0.0 through 8.3.1 is vulnerable to remote code execution through the VelocityResponseWriter. A Velocity template can be supplied either from the velocity/ directory of a configset or as a parameter. A user-defined configset could contain renderable, potentially malicious templates. Parameter-provided templates are disabled by default, but can be enabled by defining a response writer with params.resource.loader.enabled set to true. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables configset-provided template rendering when the configset is trusted (has been uploaded by an authenticated user).

Database specific
{
    "nvd_published_at": "2019-12-30T17:15:00Z",
    "cwe_ids": [
        "CWE-20",
        "CWE-74",
        "CWE-94"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-02-11T19:43:12Z"
}
References

Affected packages

Maven / org.apache.solr:solr-core

Package

Name
org.apache.solr:solr-core
Purl
pkg:maven/org.apache.solr/solr-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
8.4.0

Affected versions

5.*

5.0.0
5.1.0
5.2.0
5.2.1
5.3.0
5.3.1
5.3.2
5.4.0
5.4.1
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5

6.*

6.0.0
6.0.1
6.1.0
6.2.0
6.2.1
6.3.0
6.4.0
6.4.1
6.4.2
6.5.0
6.5.1
6.6.0
6.6.1
6.6.2
6.6.3
6.6.4
6.6.5
6.6.6

7.*

7.0.0
7.0.1
7.1.0
7.2.0
7.2.1
7.3.0
7.3.1
7.4.0
7.5.0
7.6.0
7.7.0
7.7.1
7.7.2
7.7.3

8.*

8.0.0
8.1.0
8.1.1
8.2.0
8.3.0
8.3.1

Database specific

{
    "last_known_affected_version_range": "<= 5.5.5"
}

Maven / org.apache.solr:solr-core

Package

Name
org.apache.solr:solr-core
Purl
pkg:maven/org.apache.solr/solr-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
8.4.0

Affected versions

6.*

6.0.0
6.0.1
6.1.0
6.2.0
6.2.1
6.3.0
6.4.0
6.4.1
6.4.2
6.5.0
6.5.1
6.6.0
6.6.1
6.6.2
6.6.3
6.6.4
6.6.5
6.6.6

7.*

7.0.0
7.0.1
7.1.0
7.2.0
7.2.1
7.3.0
7.3.1
7.4.0
7.5.0
7.6.0
7.7.0
7.7.1
7.7.2
7.7.3

8.*

8.0.0
8.1.0
8.1.1
8.2.0
8.3.0
8.3.1

Database specific

{
    "last_known_affected_version_range": "<= 6.6.6"
}

Maven / org.apache.solr:solr-core

Package

Name
org.apache.solr:solr-core
Purl
pkg:maven/org.apache.solr/solr-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
8.4.0

Affected versions

7.*

7.0.0
7.0.1
7.1.0
7.2.0
7.2.1
7.3.0
7.3.1
7.4.0
7.5.0
7.6.0
7.7.0
7.7.1
7.7.2
7.7.3

8.*

8.0.0
8.1.0
8.1.1
8.2.0
8.3.0
8.3.1

Database specific

{
    "last_known_affected_version_range": "<= 7.7.2"
}

Maven / org.apache.solr:solr-core

Package

Name
org.apache.solr:solr-core
Purl
pkg:maven/org.apache.solr/solr-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.4.0

Affected versions

8.*

8.0.0
8.1.0
8.1.1
8.2.0
8.3.0
8.3.1

Database specific

{
    "last_known_affected_version_range": "<= 8.3.1"
}