Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
Metrics
Affected Vendors & Products
References
History
Thu, 06 Feb 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
Wed, 14 Aug 2024 00:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|

Status: PUBLISHED
Assigner: apache
Published: 2019-12-30T16:36:08.000Z
Updated: 2025-02-06T21:14:29.881Z
Reserved: 2019-10-14T00:00:00.000Z
Link: CVE-2019-17558

Updated: 2024-08-05T01:40:16.078Z

Status : Modified
Published: 2019-12-30T17:15:19.780
Modified: 2025-02-06T22:15:33.237
Link: CVE-2019-17558
