CVE-2020-13957
13.10.2020, 19:15
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.Enginsight
| Vendor | Product | Version |
|---|---|---|
| apache | solr | 6.6.0 ≤ 𝑥 ≤ 6.6.6 |
| apache | solr | 7.0.0 ≤ 𝑥 ≤ 7.7.3 |
| apache | solr | 8.0.0 ≤ 𝑥 ≤ 8.6.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References