Server-Side Request Forgery (SSRF)
Affecting org.apache.solr:solr-core artifact, versions [,8.8.2)
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene.
Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). The ReplicationHandler (normally registered at /replication under a Solr core) has a parameter (with a leaderUrl alias) that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core.
These parameters are not checked against a similar configuration it uses for the
Upgrade org.apache.solr:solr-core to version 8.8.2 or higher.
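
For hosts that cannot be upgraded immediately, request logs can be audited for /replication calls that name an unexpected replication source. The following is an added example, not code from Solr or from this advisory; the access-log layout, the allowlisted host name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# `leaderUrl` is the alias named in the advisory; `masterUrl` is the older Solr
# name for the same parameter (known from Solr itself, not from this page).
URL_PARAMS = ("leaderUrl", "masterUrl")
# Assumed NCSA-style request log: ... "GET /path?query HTTP/1.1" ...
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def source_host(value):
    """Host of the replication source URL, or None if it cannot be parsed."""
    try:
        return urlsplit(value).hostname  # lower-cased by urllib
    except ValueError:                   # e.g. malformed IPv6 literal
        return None

def audit(lines, allowed_hosts):
    """Return (line_no, param, host) for every /replication request whose
    replication source is missing from allowed_hosts."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not target.path.rstrip("/").endswith("/replication"):
            continue
        query = parse_qs(target.query)   # also percent-decodes the values
        for param in URL_PARAMS:
            for value in query.get(param, []):
                host = source_host(value)
                if host is None or host not in allowed_hosts:
                    findings.append((no, param, host))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2021:10:00:00 +0000] "GET /solr/products/replication?wt=json HTTP/1.1" 200 120',
    '10.0.0.5 - - [01/Jan/2021:10:00:05 +0000] "GET /solr/products/replication?leaderUrl=http%3A%2F%2Fsolr-leader.internal.example%3A8983%2Fsolr%2Fproducts HTTP/1.1" 200 80',
    '203.0.113.9 - - [01/Jan/2021:10:01:00 +0000] "GET /solr/products/replication?leaderUrl=http%3A%2F%2F192.0.2.10%2Flatest HTTP/1.1" 200 80',
    '203.0.113.9 - - [01/Jan/2021:10:01:02 +0000] "GET /solr/products/select?q=leaderUrl HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, {"solr-leader.internal.example"}):
        print("unexpected replication source:", finding)
```

Parameters sent in a POST body do not appear in a request log, so this audit covers query-string use only.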