Vulnerabilities > Apache > Solr > 6.6.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-13941 | Improper Input Validation vulnerability in Apache Solr Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. | 8.8 |
| 2020-04-01 | CVE-2018-11802 | Incorrect Authorization vulnerability in Apache Solr In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. | 4.0 |
| 2019-12-30 | CVE-2019-17558 | Injection vulnerability in multiple products Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. | 7.5 |
| 2019-08-01 | CVE-2019-0193 | Code Injection vulnerability in Apache Solr In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. | 7.2 |
| 2019-03-08 | CVE-2017-3164 | Server-Side Request Forgery (SSRF) vulnerability in Apache Solr Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). | 7.5 |
| 2019-03-07 | CVE-2019-0192 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. | 9.8 |