Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2020-10-13T18:28:52
Updated: 2024-08-04T12:32:14.343Z
Reserved: 2020-06-08T00:00:00
Link: CVE-2020-13957
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-10-13T19:15:12.460
Modified: 2024-11-21T05:02:14.257
Link: CVE-2020-13957
Redhat