Affecting org.apache.solr:solr-core artifact, versions [,8.2.0)
org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene
Affected versions of this package are vulnerable to Improper Authentication.
DataImportHandler has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter, and since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
org.apache.solr:solr-core to version 8.2.0 or higher.