oss-sec mailing list archives
CVE request: Apache Solr 4.6.0
From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Wed, 27 Nov 2013 00:06:53 +0100
Hello, Apache Solr 4.6.0 was released a few days ago. This version includes a fix for bug SOLR-4882 (directory traversal when accessing XSLT stylesheets and Velocity templates): http://lucene.apache.org/solr/4_6_0/changes/Changes.html#v4.6.0.security https://issues.apache.org/jira/browse/SOLR-4882 If the user can store his own files on the server, this vulnerability could be abused to gain remote code execution. Regards, Nicolas Grégoire
Current thread:
- CVE request: Apache Solr 4.6.0 Nicolas Grégoire (Nov 26)
- Re: CVE request: Apache Solr 4.6.0 Kurt Seifried (Nov 26)