CVE-2012-6612 – org.apache.solr:solr-core

Package

Manager: maven
Name: org.apache.solr:solr-core
Vulnerable Version: >=0 <4.1.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.01186 pctl0.78

Details

Improper Restriction of XML External Entity Reference in Apache Solr The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

Metadata

Created: 2022-05-17T04:50:16Z
Modified: 2022-07-12T21:32:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6cpj-3g83-q2j4/GHSA-6cpj-3g83-q2j4.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-6cpj-3g83-q2j4
Finding: F083
Auto approve: 1