lucene-general mailing list archives

From Tomas Fernandez Lobbe <>
Subject [SECURITY] CVE-2017-3164 SSRF issue in Apache Solr
Date Tue, 12 Feb 2019 19:43:49 GMT
CVE-2017-3164 SSRF issue in Apache Solr

Severity: High

Vendor: The Apache Software Foundation

Versions Affected:
Apache Solr versions from 1.3 to 7.6.0

The "shards" parameter does not have a corresponding whitelist mechanism,
so it can request any URL.

Upgrade to Apache Solr 7.7.0 or later.
Ensure your network settings are configured so that only trusted traffic is
allowed to ingress/egress your hosts running Solr.

dk from Chaitin Tech
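
The following is an added example, not part of the original advisory or of Solr's own code: a gateway-side check that rejects requests whose "shards" parameter names a host outside an allow-list, as a complement to the upgrade and network controls above. The host names, the ALLOWED_NODES set and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed allow-list of (host, port) pairs for the cluster's own nodes.
# These host names are constructed sample values.
ALLOWED_NODES = {("solr1.internal.example", 8983),
                 ("solr2.internal.example", 8983)}

def shard_endpoints(shards_value):
    """Yield each address in a shards value.
    Commas separate shards; '|' separates replicas of one shard."""
    for shard in shards_value.split(","):
        for replica in shard.split("|"):
            replica = replica.strip()
            if replica:
                yield replica

def endpoint_allowed(address, allowed=ALLOWED_NODES):
    """True only if the address resolves to an allow-listed host and port."""
    # Shard addresses usually omit the scheme; add one so urlsplit
    # separates host and port from the path.
    url = address if "://" in address else "http://" + address
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # Reject userinfo: text before '@' can look like a trusted host.
    if parts.username is not None or parts.password is not None:
        return False
    if parts.hostname is None or port is None:
        return False
    return (parts.hostname.lower(), port) in allowed

def check_request(request_uri, allowed=ALLOWED_NODES):
    """Return the shard addresses that fail the allow-list (empty list = pass)."""
    params = parse_qs(urlsplit(request_uri).query, keep_blank_values=True)
    rejected = []
    for value in params.get("shards", []):
        rejected.extend(a for a in shard_endpoints(value)
                        if not endpoint_allowed(a, allowed))
    return rejected
```

This inspects the query string only; a deployment that accepts "shards" in a POST body needs the same check applied there.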

