[ https://issues.apache.org/jira/browse/SOLR-11971?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Uwe Schindler updated SOLR-11971:
---------------------------------
    Security: Public  (was: Private (Security Issue))

> CVE-2018-1308: XXE attack through DIH's dataConfig request parameter
> --------------------------------------------------------------------
>
>                 Key: SOLR-11971
>                 URL: https://issues.apache.org/jira/browse/SOLR-11971
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public)
>          Components: contrib - DataImportHandler
>            Reporter: Uwe Schindler
>            Assignee: Uwe Schindler
>            Priority: Major
>             Fix For: 6.6.3, 7.3, master (8.0)
>
>         Attachments: ApacheSolrDIH-XXE.pdf, SOLR-11971.patch
>
>
> We got a security report about an XXE attack when using the
> {{&dataConfig=<inlinexml>}} of Solr's DataImportHandler. See the attached PDF
> file with full details (I converted it to PDF, originally it was a DOC file).