Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2019-12-30T16:36:08
Updated: 2021-03-25T00:06:22
Reserved: 2019-10-14T00:00:00
Link: CVE-2019-17558
JSON object: View
NVD Information
Status : Modified
Published: 2019-12-30T17:15:19.780
Modified: 2023-11-07T03:06:19.510
Link: CVE-2019-17558
JSON object: View
Redhat Information
No data.
CWE