[ https://issues.apache.org/jira/browse/SOLR-11971?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16429821#comment-16429821 ]
ASF subversion and git services commented on SOLR-11971:
--------------------------------------------------------

Commit c1d0e81d561b39ed9aaa7c706373708cb1e5625f in lucene-solr's branch refs/heads/branch_6_6 from [~thetaphi]
[ https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=c1d0e81 ]

SOLR-11971: Add CVE number: CVE-2018-1308

> CVE-2018-1308: XXE attack through DIH's dataConfig request parameter
> --------------------------------------------------------------------
>
> Key: SOLR-11971
> URL: https://issues.apache.org/jira/browse/SOLR-11971
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: contrib - DataImportHandler
> Reporter: Uwe Schindler
> Assignee: Uwe Schindler
> Priority: Major
> Fix For: 6.6.3, 7.3, master (8.0)
>
> Attachments: ApacheSolrDIH-XXE.pdf, SOLR-11971.patch
>
>
> We got a security report about an XXE attack when using the
> {{&dataConfig=<inlinexml>}} of Solr's DataImportHandler. See the attached PDF
> file with full details (I converted it to PDF, originally it was a DOC file).