{"containers": {"cna": {"affected": [{"product": "Apache Solr", "vendor": "n/a", "versions": [{"status": "affected", "version": "Apache Solr 5.0.0 to Apache Solr 8.3.1"}]}], "descriptions": [{"lang": "en", "value": "Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user)."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-25T00:06:22", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[lucene-issues] 20200107 [jira] [Commented] (SOLR-13971) CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb964fe5c4e3fc05f75e8f74bf6b885f456b7a7750c36e9a8045c627a%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [jira] [Commented] (SOLR-13971) CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9271d030452170ba6160c022757e1b5af8a4c9ccf9e04164dec02e7f%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [jira] [Updated] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ra29fa6ede5184385bf2c63e8ec054990a7d4622bba1d244bee70d82d%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat opened a new pull request #1156: SOLR-13971", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r36e35fd76239a381643555966fb3e72139e018d52d76544fb42f96d8%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat commented on a change in pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r5074d814d3a8c75df4b20e66bfd268ee0a73ddea7e85070cec3ae78d%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] artem-smotrakov commented on a change in pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf6d7ffae2b940114324e036b6394beadf27696d051ae0c4a5edf07af%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r58c58fe51c87bc30ee13bb8b4c83587f023edb349018705208e65b37%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat closed pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r25f1bd4545617f5b86dde27b4c30fec73117af65598a30e20209739a%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200113 [jira] [Commented] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r12ab2cb15a34e49b4fecb5b2bdd7e10f3e8b7bf1f4f47fcde34d3a7c%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] chatman commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r99c3f7ec3a079e2abbd540ecdb55a0e2a0f349ca7084273a12e87aeb%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r0b7b9d4113e6ec1ae1d3d0898c645f758511107ea44f0f3a1210c5d5%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20200213 Re: 7.7.3 bugfix release", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51%40%3Cdev.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20200214 Re: 7.7.3 bugfix release", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66%40%3Cdev.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200219 [jira] [Updated] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rafc939fdd753f55707841cd5886fc7fcad4d8d8ba0c72429b3220a9a%40%3Cissues.lucene.apache.org%3E"}, {"name": "[ambari-issues] 20200220 [jira] [Created] (AMBARI-25482) solr dependence CVE-2019-17558", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rde3dbd8e646dabf8bef1b097e9a13ee0ecbdb8441aaed6092726c98d%40%3Cissues.ambari.apache.org%3E"}, {"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://issues.apache.org/jira/browse/SOLR-13971"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/157078/Apache-Solr-8.3.0-Velocity-Template-Remote-Code-Execution.html"}, {"name": "[submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #474: There is a vulnerability in Apache Solr 5.5.4,upgrade recommended", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E"}, {"name": "[lucene-solr-user] 20210203 Re: SolrCloud keeps crashing", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r79c7e75f90e735fd32c4e3e97340625aab66c09dfe8c4dc0ab768b69%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham edited a comment on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re8d12db916b5582a23ed144b9c5abd0bea0be1649231aa880f6cbfff%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r8a36e4f92f4449dec517e560e1b55639f31b3aca26c37bbad45e31de%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-solr-user] 20210212 CVE-2019-17558 on SOLR 6.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r7b89b3dcfc1b6c52dd8d610b897ac98408245040c92b484fe97a51a2%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-solr-user] 20210212 Re: CVE-2019-17558 on SOLR 6.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r8e7a3c253a695a7667da0b0ec57f9bb0e31f039e62afbc00a1d96f7b%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-solr-user] 20210213 Re: CVE-2019-17558 on SOLR 6.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r5dc200f7337093285bac40e6d5de5ea66597c3da343a0f7553f1bb12%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20210315 [GitHub] [lucene-solr] erikhatcher commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r7f21ab40a9b17b1a703db84ac56773fcabacd4cc1eb5c4700d17c071%40%3Cissues.lucene.apache.org%3E"}, {"name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2019-17558", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Solr", "version": {"version_data": [{"version_value": "Apache Solr 5.0.0 to Apache Solr 8.3.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "[lucene-issues] 20200107 [jira] [Commented] (SOLR-13971) CVE-2019-17558: Velocity custom template RCE vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb964fe5c4e3fc05f75e8f74bf6b885f456b7a7750c36e9a8045c627a@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [jira] [Commented] (SOLR-13971) CVE-2019-17558: Velocity custom template RCE vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9271d030452170ba6160c022757e1b5af8a4c9ccf9e04164dec02e7f@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [jira] [Updated] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra29fa6ede5184385bf2c63e8ec054990a7d4622bba1d244bee70d82d@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat opened a new pull request #1156: SOLR-13971", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r36e35fd76239a381643555966fb3e72139e018d52d76544fb42f96d8@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat commented on a change in pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5074d814d3a8c75df4b20e66bfd268ee0a73ddea7e85070cec3ae78d@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] artem-smotrakov commented on a change in pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6d7ffae2b940114324e036b6394beadf27696d051ae0c4a5edf07af@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58c58fe51c87bc30ee13bb8b4c83587f023edb349018705208e65b37@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat closed pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r25f1bd4545617f5b86dde27b4c30fec73117af65598a30e20209739a@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200113 [jira] [Commented] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r12ab2cb15a34e49b4fecb5b2bdd7e10f3e8b7bf1f4f47fcde34d3a7c@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] chatman commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r99c3f7ec3a079e2abbd540ecdb55a0e2a0f349ca7084273a12e87aeb@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0b7b9d4113e6ec1ae1d3d0898c645f758511107ea44f0f3a1210c5d5@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20200213 Re: 7.7.3 bugfix release", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51@%3Cdev.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20200214 Re: 7.7.3 bugfix release", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66@%3Cdev.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200219 [jira] [Updated] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rafc939fdd753f55707841cd5886fc7fcad4d8d8ba0c72429b3220a9a@%3Cissues.lucene.apache.org%3E"}, {"name": "[ambari-issues] 20200220 [jira] [Created] (AMBARI-25482) solr dependence CVE-2019-17558", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rde3dbd8e646dabf8bef1b097e9a13ee0ecbdb8441aaed6092726c98d@%3Cissues.ambari.apache.org%3E"}, {"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://issues.apache.org/jira/browse/SOLR-13971", "refsource": "MISC", "url": "https://issues.apache.org/jira/browse/SOLR-13971"}, {"name": "http://packetstormsecurity.com/files/157078/Apache-Solr-8.3.0-Velocity-Template-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157078/Apache-Solr-8.3.0-Velocity-Template-Remote-Code-Execution.html"}, {"name": "[submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #474: There is a vulnerability in Apache Solr 5.5.4,upgrade recommended", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E"}, {"name": "[lucene-solr-user] 20210203 Re: SolrCloud keeps crashing", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r79c7e75f90e735fd32c4e3e97340625aab66c09dfe8c4dc0ab768b69@%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham edited a comment on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re8d12db916b5582a23ed144b9c5abd0bea0be1649231aa880f6cbfff@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8a36e4f92f4449dec517e560e1b55639f31b3aca26c37bbad45e31de@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-solr-user] 20210212 CVE-2019-17558 on SOLR 6.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7b89b3dcfc1b6c52dd8d610b897ac98408245040c92b484fe97a51a2@%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-solr-user] 20210212 Re: CVE-2019-17558 on SOLR 6.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8e7a3c253a695a7667da0b0ec57f9bb0e31f039e62afbc00a1d96f7b@%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-solr-user] 20210213 Re: CVE-2019-17558 on SOLR 6.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5dc200f7337093285bac40e6d5de5ea66597c3da343a0f7553f1bb12@%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20210315 [GitHub] [lucene-solr] erikhatcher commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7f21ab40a9b17b1a703db84ac56773fcabacd4cc1eb5c4700d17c071@%3Cissues.lucene.apache.org%3E"}, {"name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:16.078Z"}, "title": "CVE Program Container", "references": [{"name": "[lucene-issues] 20200107 [jira] [Commented] (SOLR-13971) CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb964fe5c4e3fc05f75e8f74bf6b885f456b7a7750c36e9a8045c627a%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [jira] [Commented] (SOLR-13971) CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9271d030452170ba6160c022757e1b5af8a4c9ccf9e04164dec02e7f%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [jira] [Updated] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra29fa6ede5184385bf2c63e8ec054990a7d4622bba1d244bee70d82d%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat opened a new pull request #1156: SOLR-13971", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r36e35fd76239a381643555966fb3e72139e018d52d76544fb42f96d8%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat commented on a change in pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r5074d814d3a8c75df4b20e66bfd268ee0a73ddea7e85070cec3ae78d%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] artem-smotrakov commented on a change in pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf6d7ffae2b940114324e036b6394beadf27696d051ae0c4a5edf07af%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r58c58fe51c87bc30ee13bb8b4c83587f023edb349018705208e65b37%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat closed pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r25f1bd4545617f5b86dde27b4c30fec73117af65598a30e20209739a%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200113 [jira] [Commented] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r12ab2cb15a34e49b4fecb5b2bdd7e10f3e8b7bf1f4f47fcde34d3a7c%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] chatman commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r99c3f7ec3a079e2abbd540ecdb55a0e2a0f349ca7084273a12e87aeb%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r0b7b9d4113e6ec1ae1d3d0898c645f758511107ea44f0f3a1210c5d5%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20200213 Re: 7.7.3 bugfix release", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51%40%3Cdev.lucene.apache.org%3E"}, {"name": "[lucene-dev] 20200214 Re: 7.7.3 bugfix release", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66%40%3Cdev.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20200219 [jira] [Updated] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rafc939fdd753f55707841cd5886fc7fcad4d8d8ba0c72429b3220a9a%40%3Cissues.lucene.apache.org%3E"}, {"name": "[ambari-issues] 20200220 [jira] [Created] (AMBARI-25482) solr dependence CVE-2019-17558", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rde3dbd8e646dabf8bef1b097e9a13ee0ecbdb8441aaed6092726c98d%40%3Cissues.ambari.apache.org%3E"}, {"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://issues.apache.org/jira/browse/SOLR-13971"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/157078/Apache-Solr-8.3.0-Velocity-Template-Remote-Code-Execution.html"}, {"name": "[submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #474: There is a vulnerability in Apache Solr 5.5.4,upgrade recommended", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E"}, {"name": "[lucene-solr-user] 20210203 Re: SolrCloud keeps crashing", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r79c7e75f90e735fd32c4e3e97340625aab66c09dfe8c4dc0ab768b69%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham edited a comment on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re8d12db916b5582a23ed144b9c5abd0bea0be1649231aa880f6cbfff%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20210210 [GitHub] [lucene-solr] rhtham commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r8a36e4f92f4449dec517e560e1b55639f31b3aca26c37bbad45e31de%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-solr-user] 20210212 CVE-2019-17558 on SOLR 6.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7b89b3dcfc1b6c52dd8d610b897ac98408245040c92b484fe97a51a2%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-solr-user] 20210212 Re: CVE-2019-17558 on SOLR 6.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r8e7a3c253a695a7667da0b0ec57f9bb0e31f039e62afbc00a1d96f7b%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-solr-user] 20210213 Re: CVE-2019-17558 on SOLR 6.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r5dc200f7337093285bac40e6d5de5ea66597c3da343a0f7553f1bb12%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20210315 [GitHub] [lucene-solr] erikhatcher commented on pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7f21ab40a9b17b1a703db84ac56773fcabacd4cc1eb5c4700d17c071%40%3Cissues.lucene.apache.org%3E"}, {"name": "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2019-17558", "datePublished": "2019-12-30T16:36:08", "dateReserved": "2019-10-14T00:00:00", "dateUpdated": "2024-08-05T01:40:16.078Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB21C976-BDB8-4C23-8D75-D80EED433743", "versionEndExcluding": "7.7.3", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AE21606-4430-4CE0-ACFE-860199DC6D96", "versionEndExcluding": "8.4.0", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user)."}, {"lang": "es", "value": "Apache Solr versi\u00f3n 5.0.0 hasta Apache Solr versi\u00f3n 8.3.1 son vulnerables a una ejecuci\u00f3n de c\u00f3digo remota por medio de la funci\u00f3n VelocityResponseWriter. Se puede proporcionar una plantilla Velocity por medio de plantillas Velocity en un directorio configset \"velocity/\" o como un par\u00e1metro. Un configset definido por el usuario podr\u00eda contener plantillas renderizables, potencialmente maliciosas. Las plantillas proporcionadas por los par\u00e1metros est\u00e1n deshabilitadas por defecto, pero pueden ser habilitadas configurando \"params.resource.loader.enabled\" definiendo un escritor de respuestas con esa configuraci\u00f3n establecida en \"true\". La definici\u00f3n de un escritor de respuestas requiere acceso a la API de configuraci\u00f3n. Solr versi\u00f3n 8.4 elimin\u00f3 por completo el cargador de recursos params, y solo habilita la renderizaci\u00f3n de la plantilla proporcionada por el configset cuando el configset es \"trusted\" (ha sido cargado por parte de un usuario autenticado)."}], "id": "CVE-2019-17558", "lastModified": "2024-07-25T14:32:21.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-30T17:15:19.780", "references": [{"source": "security@apache.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/157078/Apache-Solr-8.3.0-Velocity-Template-Remote-Code-Execution.html"}, {"source": "security@apache.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/SOLR-13971"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r0b7b9d4113e6ec1ae1d3d0898c645f758511107ea44f0f3a1210c5d5%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r12ab2cb15a34e49b4fecb5b2bdd7e10f3e8b7bf1f4f47fcde34d3a7c%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66%40%3Cdev.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r25f1bd4545617f5b86dde27b4c30fec73117af65598a30e20209739a%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51%40%3Cdev.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/r36e35fd76239a381643555966fb3e72139e018d52d76544fb42f96d8%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Exploit", "Mailing List"], "url": "https://lists.apache.org/thread.html/r5074d814d3a8c75df4b20e66bfd268ee0a73ddea7e85070cec3ae78d%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r58c58fe51c87bc30ee13bb8b4c83587f023edb349018705208e65b37%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r5dc200f7337093285bac40e6d5de5ea66597c3da343a0f7553f1bb12%40%3Csolr-user.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r79c7e75f90e735fd32c4e3e97340625aab66c09dfe8c4dc0ab768b69%40%3Csolr-user.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r7b89b3dcfc1b6c52dd8d610b897ac98408245040c92b484fe97a51a2%40%3Csolr-user.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r7f21ab40a9b17b1a703db84ac56773fcabacd4cc1eb5c4700d17c071%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r8a36e4f92f4449dec517e560e1b55639f31b3aca26c37bbad45e31de%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r8e7a3c253a695a7667da0b0ec57f9bb0e31f039e62afbc00a1d96f7b%40%3Csolr-user.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r9271d030452170ba6160c022757e1b5af8a4c9ccf9e04164dec02e7f%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r99c3f7ec3a079e2abbd540ecdb55a0e2a0f349ca7084273a12e87aeb%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/ra29fa6ede5184385bf2c63e8ec054990a7d4622bba1d244bee70d82d%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/rafc939fdd753f55707841cd5886fc7fcad4d8d8ba0c72429b3220a9a%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/rb964fe5c4e3fc05f75e8f74bf6b885f456b7a7750c36e9a8045c627a%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/rde3dbd8e646dabf8bef1b097e9a13ee0ecbdb8441aaed6092726c98d%40%3Cissues.ambari.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/re8d12db916b5582a23ed144b9c5abd0bea0be1649231aa880f6cbfff%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Exploit", "Mailing List"], "url": "https://lists.apache.org/thread.html/rf6d7ffae2b940114324e036b6394beadf27696d051ae0c4a5edf07af%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "solr: Remote Code Execution through the VelocityResponseWriter", "id": "1789509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789509"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user)."], "name": "CVE-2019-17558", "package_state": [{"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Not affected", "package_name": "solr-core", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "solr-core", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "solr-core", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "solr-core", "product_name": "Red Hat JBoss Fuse Service Works 6"}], "public_date": "2019-12-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-17558\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17558\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Moderate"}