Vulnerability
Apache Solr is an independent full-text search server written in Java and running in a Servlet container (such as Apache Tomcat or Jetty). Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user-defined configset could contain renderable, potentially malicious, templates.
Impact
Attackers can use the Velocity-SSTI vulnerability to execute arbitrary code on the Solr system with the help of a custom Velocity template function
Mitigation / Precaution
We recommend you to upgrade Apache Solr to the latest version.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
