CVE-2013-6407 – org.apache.solr:solr-core

Package

Manager: maven
Name: org.apache.solr:solr-core
Vulnerable Version: >=0 <4.1.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.06719 pctl0.90892

Details

Apache Solr UpdateRequestHandler for XML resolves XML External Entities The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Metadata

Created: 2022-05-17T04:39:49Z
Modified: 2024-03-05T00:07:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-998j-j6v9-5846/GHSA-998j-j6v9-5846.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-998j-j6v9-5846
Finding: F083
Auto approve: 1