
Vulnerability
Apache Solr is an independent full-text search server written in Java that runs in a Servlet container (such as Apache Tomcat or Jetty). Apache Solr 5.0.0 through 8.3.1 are vulnerable to remote code execution through the VelocityResponseWriter. A Velocity template can be supplied either from a configset's velocity/ directory or as a parameter. A user-defined configset could contain renderable, potentially malicious, templates.
Impact
Attackers can use the Velocity server-side template injection (SSTI) vulnerability to execute arbitrary code on the Solr system with the help of a custom Velocity template function.
Mitigation / Precaution
We recommend upgrading Apache Solr to the latest version.
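As an added example (not part of the original advisory and not Solr project code), the Python below audits a solrconfig.xml for the two template sources described above and checks a version string against the affected range. Assumptions: the option names `params.resource.loader.enabled` and `solr.resource.loader.enabled` and their defaults are taken from Solr's VelocityResponseWriter documentation rather than from this page, and the function names and sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Affected range as stated in the advisory: 5.0.0 through 8.3.1 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (5, 0, 0), (8, 3, 1)

def version_affected(version):
    """True if a dotted Solr version string falls inside the affected range."""
    parts = [int(p) for p in version.split(".")[:3]]
    parts += [0] * (3 - len(parts))
    return AFFECTED_MIN <= tuple(parts) <= AFFECTED_MAX

def audit_solrconfig(xml_text):
    """Return a list of findings for each VelocityResponseWriter in solrconfig.xml."""
    findings = []
    for writer in ET.fromstring(xml_text).iter("queryResponseWriter"):
        if not writer.get("class", "").endswith("VelocityResponseWriter"):
            continue
        name = writer.get("name", "?")
        findings.append(f"{name}: VelocityResponseWriter registered")
        opts = {o.get("name"): (o.text or "").strip().lower() for o in writer}
        # Templates supplied as parameters (assumed off unless set to true).
        params = opts.get("params.resource.loader.enabled", "false")
        if params == "true":
            findings.append(f"{name}: templates accepted from request parameters")
        elif params.startswith("${"):
            findings.append(f"{name}: params loader set by property {params}")
        # Templates read from the configset velocity/ directory (assumed on unless false).
        if opts.get("solr.resource.loader.enabled", "true") != "false":
            findings.append(f"{name}: templates loaded from configset velocity/")
    return findings

# Constructed sample, not a real deployment's configuration.
SAMPLE = """<config>
  <queryResponseWriter name="velocity" class="solr.VelocityResponseWriter">
    <str name="params.resource.loader.enabled">true</str>
  </queryResponseWriter>
  <queryResponseWriter name="json" class="solr.JSONResponseWriter"/>
</config>"""

if __name__ == "__main__":
    print("8.3.1 affected:", version_affected("8.3.1"))
    for finding in audit_solrconfig(SAMPLE):
        print("-", finding)
```

The audit reads only the file it is given, so run it against every configset on the server, including user-defined ones.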





