Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjOXYtaDI4Zi1qY21m
There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases both of which address the vulnerability. Once upgrade is complete, no other steps are required. Those releases only allow external entities and Xincludes that refer to local files / zookeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind, that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs.
Permalink: https://github.com/advisories/GHSA-rc9v-h28f-jcmfJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjOXYtaDI4Zi1qY21m
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 6 years ago
Updated: 10 months ago
CVSS Score: 5.5
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Percentage: 0.00089
EPSS Percentile: 0.39224
Identifiers: GHSA-rc9v-h28f-jcmf, CVE-2018-8010
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-8010
- https://github.com/advisories/GHSA-rc9v-h28f-jcmf
- https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
- https://mail-archives.apache.org/mod_mbox/www-announce/201805.mbox/%3C08a801d3f0f9%24df46d300%249dd47900%24%40apache.org%3E
- http://www.securityfocus.com/bid/104239
- https://github.com/apache/lucene-solr/commit/4ba409e0ff3dc38aad88f7b7ad69a76325272b8
- https://github.com/apache/lucene-solr/commit/6c4e45e28494d4d4d04fb89852d18c86fa3d5f8
- https://github.com/apache/lucene-solr/commit/6d082d5743dee7e08a86b3f2ef03bc025112512
- https://github.com/apache/lucene-solr/commit/96f079b4b47eaadff65c7aaf0e5bafe68e30ec3
- https://issues.apache.org/jira/browse/SOLR-12316
Blast Radius: 20.3
Affected Packages
maven:org.apache.solr:solr-core
Dependent packages: 377Dependent repositories: 4,902
Downloads:
Affected Version Ranges: >= 7.0.0, < 7.3.1, >= 6.6.0, < 6.6.4
Fixed in: 7.3.1, 6.6.4
All affected versions: 6.6.0, 6.6.1, 6.6.2, 6.6.3, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0
All unaffected versions: 1.3.0, 1.4.0, 1.4.1, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 3.6.0, 3.6.1, 3.6.2, 4.0.0, 4.1.0, 4.2.0, 4.2.1, 4.3.0, 4.3.1, 4.4.0, 4.5.0, 4.5.1, 4.6.0, 4.6.1, 4.7.0, 4.7.1, 4.7.2, 4.8.0, 4.8.1, 4.9.0, 4.9.1, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 5.0.0, 5.1.0, 5.2.0, 5.2.1, 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 6.0.0, 6.0.1, 6.1.0, 6.2.0, 6.2.1, 6.3.0, 6.4.0, 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.4, 6.6.5, 6.6.6, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 7.7.3, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1, 8.5.0, 8.5.1, 8.5.2, 8.6.0, 8.6.1, 8.6.2, 8.6.3, 8.7.0, 8.8.0, 8.8.1, 8.8.2, 8.9.0, 8.10.0, 8.10.1, 8.11.0, 8.11.1, 8.11.2, 8.11.3, 8.11.4, 9.0.0, 9.1.0, 9.1.1, 9.2.0, 9.2.1, 9.3.0, 9.4.0, 9.4.1, 9.5.0, 9.6.0, 9.6.1, 9.7.0