Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00NXczLTJodnYtcGZ4cc4AAeck
XML Injection in Apache Solr
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.
Permalink: https://github.com/advisories/GHSA-45w3-2hvv-pfxqJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NXczLTJodnYtcGZ4cc4AAeck
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 5 months ago
Identifiers: GHSA-45w3-2hvv-pfxq, CVE-2013-6408
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-6408
- https://issues.apache.org/jira/browse/SOLR-4881
- http://rhn.redhat.com/errata/RHSA-2013-1844.html
- http://rhn.redhat.com/errata/RHSA-2014-0029.html
- http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup
- http://www.openwall.com/lists/oss-security/2013/11/29/2
- https://github.com/apache/lucene-solr/commit/7239a57a51ea0f4d05dd330ce5e15e4f72f72747
- https://github.com/advisories/GHSA-45w3-2hvv-pfxq
Blast Radius: 0.0
Affected Packages
maven:org.apache.solr:solr-core
Dependent packages: 377Dependent repositories: 4,902
Downloads:
Affected Version Ranges: < 4.3.1
Fixed in: 4.3.1
All affected versions: 1.3.0, 1.4.0, 1.4.1, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 3.6.0, 3.6.1, 3.6.2, 4.0.0, 4.1.0, 4.2.0, 4.2.1, 4.3.0
All unaffected versions: 4.3.1, 4.4.0, 4.5.0, 4.5.1, 4.6.0, 4.6.1, 4.7.0, 4.7.1, 4.7.2, 4.8.0, 4.8.1, 4.9.0, 4.9.1, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 5.0.0, 5.1.0, 5.2.0, 5.2.1, 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 6.0.0, 6.0.1, 6.1.0, 6.2.0, 6.2.1, 6.3.0, 6.4.0, 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 7.7.3, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1, 8.5.0, 8.5.1, 8.5.2, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.7.0, 8.8.0, 8.8.1, 8.8.2, 8.9.0, 8.10.0, 8.10.1, 8.11.0, 8.11.1, 8.11.2, 8.11.3, 9.0.0, 9.1.0, 9.1.1, 9.2.0, 9.2.1, 9.3.0, 9.4.0, 9.4.1, 9.5.0, 9.6.0, 9.6.1