CVE-2019-12401 – org.apache.solr:solr-core
Package
Manager: maven
Name: org.apache.solr:solr-core
Vulnerable Version: >=0 <5.0.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.28199 pctl 0.96328
Details
Apache Solr vulnerable to XML Bomb
Solr versions prior to 5.0.0 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML, causing out-of-memory errors (OOMs).
Metadata
Created: 2022-05-24T22:00:29Z
Modified: 2023-03-06T20:47:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jq2w-w7v2-69q5/GHSA-jq2w-w7v2-69q5.json
CWE IDs: ["CWE-776"]
Alternative ID: GHSA-jq2w-w7v2-69q5
Finding: F083
Auto approve: 1