UBUNTU-CVE-2021-27905

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-27905

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-27905.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-27905

Related

CVE-2021-27905

Published

2021-04-13T07:15:00Z

Modified

2024-10-15T14:08:05Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

References

Affected packages

Ubuntu:Pro:14.04:LTS / lucene-solr

Package

Name: lucene-solr
Purl: pkg:deb/ubuntu/lucene-solr?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2+dfsg-1

3.6.2+dfsg-2

3.6.2+dfsg-2ubuntu0.1~esm1

3.6.2+dfsg-2ubuntu0.1~esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / lucene-solr

Package

Name: lucene-solr
Purl: pkg:deb/ubuntu/lucene-solr?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2+dfsg-7

3.6.2+dfsg-8

3.6.2+dfsg-8ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / lucene-solr

Package

Name: lucene-solr
Purl: pkg:deb/ubuntu/lucene-solr?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2+dfsg-10

3.6.2+dfsg-11

3.6.2+dfsg-18~18.04

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / lucene-solr

Package

Name: lucene-solr
Purl: pkg:deb/ubuntu/lucene-solr?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2+dfsg-20

3.6.2+dfsg-22

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / lucene-solr

Package

Name: lucene-solr
Purl: pkg:deb/ubuntu/lucene-solr?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2+dfsg-24

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / lucene-solr

Package

Name: lucene-solr
Purl: pkg:deb/ubuntu/lucene-solr?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2+dfsg-26

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / lucene-solr

Package

Name: lucene-solr
Purl: pkg:deb/ubuntu/lucene-solr?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2+dfsg-26

Ecosystem specific

{
    "ubuntu_priority": "medium"
}