Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
Metrics
Affected Vendors & Products
References
History
Wed, 14 Aug 2024 00:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2019-12-30T16:36:08
Updated: 2024-08-05T01:40:16.078Z
Reserved: 2019-10-14T00:00:00
Link: CVE-2019-17558
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-30T17:15:19.780
Modified: 2024-11-21T04:32:31.450
Link: CVE-2019-17558
Redhat