Vulnerabilities > Apache > Solr > 6.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-01 | CVE-2018-11802 | Incorrect Authorization vulnerability in Apache Solr In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. | 4.3 |
| 2019-12-30 | CVE-2019-17558 | Injection vulnerability in multiple products Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. | 7.5 |
| 2019-08-01 | CVE-2019-0193 | Code Injection vulnerability in multiple products In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. | 7.2 |
| 2019-03-08 | CVE-2017-3164 | Server-Side Request Forgery (SSRF) vulnerability in Apache Solr Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). | 7.5 |
| 2019-03-07 | CVE-2019-0192 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. | 9.8 |
| 2018-07-05 | CVE-2018-8026 | XXE vulnerability in multiple products This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). | 5.5 |
| 2018-05-21 | CVE-2018-8010 | XXE vulnerability in Apache Solr This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). | 5.5 |
| 2018-04-09 | CVE-2018-1308 | XXE vulnerability in multiple products This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. | 7.5 |
| 2017-10-14 | CVE-2017-12629 | XXE vulnerability in multiple products Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. | 9.8 |
| 2017-08-30 | CVE-2017-3163 | Path Traversal vulnerability in Apache Solr When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. | 7.5 |