CVE-2018-1308 – org.apache.solr:solr-core
Package
Manager: maven
Name: org.apache.solr:solr-core
Vulnerable Version: >=1.2 <6.6.3 || >=7.0.0 <7.3.0
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.06066 (percentile: 0.90381)
Details
There is an XML external entity expansion (XXE) vulnerability in Apache Solr. This vulnerability, present in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1, relates to XXE in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE over the file/ftp/http protocols to read arbitrary local files from the Solr server or the internal network.
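A defender-side check for the request pattern described above, as an added example that is not part of the advisory or of Solr: it scans access-log lines for a `dataConfig` query parameter that carries a DTD or an external entity declaration. The log format, the handler path and the sample lines are constructed assumptions; inline XML sent in a POST body does not appear in access logs and is not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# A DOCTYPE or ENTITY declaration is not needed in an ordinary inline dataConfig.
DTD_RE = re.compile(r"<!\s*(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)
# External identifier pointing at one of the schemes the advisory names.
EXT_RE = re.compile(r"\b(?:SYSTEM|PUBLIC)\b[^>]*?\b(?:file|ftp|https?):", re.IGNORECASE)
# Request target in a combined-format access log line (assumed format).
REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses, core name and handler path are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /solr/core1/dataimport?command=status HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /solr/core1/dataimport?dataConfig=%3CdataConfig%2F%3E HTTP/1.1" 200 640',
    '10.0.0.9 - - [01/Jan/2024:10:01:00 +0000] "GET /solr/core1/dataimport?dataConfig=%3C!DOCTYPE%20d%20%5B%3C!ENTITY%20e%20SYSTEM%20%22file%3A%2F%2F%2Fconstructed%2Fplaceholder%22%3E%5D%3E%3CdataConfig%2F%3E HTTP/1.1" 200 700',
    '10.0.0.9 - - [01/Jan/2024:10:02:00 +0000] "GET /solr/core1/dataimport?dataConfig=%253C!DOCTYPE%2520d%253E HTTP/1.1" 500 90',
]

def inspect_request(target):
    """Classify one request target: None, 'dtd' or 'external-entity'."""
    verdict = None
    query = urlsplit(target).query
    for value in parse_qs(query, keep_blank_values=True).get("dataConfig", []):
        # parse_qs percent-decodes once; decode again to catch double encoding.
        for candidate in (value, unquote(value)):
            if EXT_RE.search(candidate):
                return "external-entity"
            if DTD_RE.search(candidate):
                verdict = "dtd"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every log line worth triaging."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQ_RE.search(line)
        verdict = inspect_request(match.group(1)) if match else None
        if verdict:
            hits.append((number, verdict))
    return hits

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: dataConfig carries {verdict}")
```

A hit on a Solr version inside the vulnerable range listed under Package is worth triaging together with the server's outbound file, FTP and HTTP activity around the same timestamp.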
Metadata
Created: 2018-10-17T19:55:46Z
Modified: 2024-03-04T20:32:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-3pph-2595-cgfh/GHSA-3pph-2595-cgfh.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-3pph-2595-cgfh
Finding: F083
Auto approve: 1