[https://issues.apache.org/jira/browse/SOLR-15844?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457121#comment-17457121]
Gus Heck edited comment on SOLR-15844 at 12/10/21, 12:39 PM:
-------------------------------------------------------------
The first one is
https://solr.apache.org/security.html#cve-2019-17558-apache-solr-rce-through-velocityresponsewriter
isn't it? We may have already dealt with that.
was (Author: gus_heck):
The velocity one is
https://solr.apache.org/security.html#cve-2019-17558-apache-solr-rce-through-velocityresponsewriter
isn't it? We may have already dealt with that.
> High security vulnerability in Apache Velocity (+2) - CVE-2020-13936 (+1)
> bundled with Solr
> -------------------------------------------------------------------------------------------
>
> Key: SOLR-15844
> URL: https://issues.apache.org/jira/browse/SOLR-15844
> Project: Solr
> Issue Type: Bug
> Affects Versions: 8.11
> Reporter: wcmrnd1
> Assignee: Jan Høydahl
> Priority: Blocker
> Fix For: 8.11.1
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Latest Version of Solr 8.11 bundles Apache Velocity 2.0 jar that has the
> following vulnerabilities:
>
> h1. Vulnerability Details
> h2. CVE-2020-13936
> *Vulnerability Published:* 2021-03-10 03:15 EST
> *Vulnerability Updated:* 2021-09-23 08:21 EDT
> *CVSS Score:* 8.8 (overall), 8.8 (base)
> *Summary:* An attacker that is able to modify Velocity templates may
> execute arbitrary Java code or run arbitrary system commands with the same
> privileges as the account running the Servlet container. This applies to
> applications that allow untrusted users to upload/modify velocity templates
> running Apache Velocity Engine versions up to 2.2.
> *Solution:* N/A
> *Workaround:* N/A
> h2. BDSA-2021-0710
> *Vulnerability Published:* 2021-03-22 12:01 EDT
> *Vulnerability Updated:* 2021-11-08 09:16 EST
> *CVSS Score:* 7.9 (overall), 8.8 (base)
> *Summary:* Apache Velocity is vulnerable to remote code execution (RCE)
> and arbitrary command execution due to how the SecureUberspector
> functionality does not sufficiently prevent access to dangerous classes and
> packages.
> An attacker with the ability to modify Velocity templates could use this
> issue to execute arbitrary Java code or system commands with the privileges
> of the account running the Servlet container.
> *Solution:* Fixed in
> [*2.3-rc1*|https://github.com/apache/velocity-engine/releases/tag/2.3-RC1] by
> [this|https://github.com/apache/velocity-engine/commit/f355cec739d4e705e541a149ff2d8806ed565401]
> commit.
> The latest stable releases are available
> [here|https://velocity.apache.org/download.cgi].
> *Workaround:* N/A
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
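The quoted report says the exposure comes from the Velocity engine jar that Solr bundles, and that the fix landed in Velocity 2.3. The quickest defensive check is therefore an inventory of which velocity-engine-core jar an installation actually ships. The script below is an added example, not code from the Jira thread or from the Solr project. It assumes the jar is named `velocity-engine-core-<version>.jar` (the naming used by the Velocity project's own releases); the fixed-version threshold of 2.3 is taken from the report above, and the sample jar paths are constructed for illustration.

```python
"""Inventory Velocity engine jars under a Solr install and flag versions below 2.3.

Added example (not from the Jira thread or the Solr project). Assumes the
Velocity jar follows the velocity-engine-core-<version>.jar naming scheme and
that 2.3 (first shipped as 2.3-RC1) is the first release with the fix for
CVE-2020-13936, as the quoted report states.
"""
import re
from pathlib import Path
from typing import Iterable, List, Tuple

# First Velocity engine release containing the fix, per the report above.
FIXED_VERSION = (2, 3)

# Matches e.g. velocity-engine-core-2.0.jar or velocity-engine-core-2.3-RC1.jar.
# The optional -RC<n> suffix is dropped: 2.3-RC1 already contains the fix.
JAR_RE = re.compile(
    r"^velocity-engine-core-(\d+(?:\.\d+)*)(?:-RC\d+)?\.jar$", re.IGNORECASE
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))


def is_affected(version: str) -> bool:
    """True when the engine version predates the 2.3 fix."""
    return parse_version(version) < FIXED_VERSION


def scan_jar_names(names: Iterable[str]) -> List[Tuple[str, str, bool]]:
    """Return (path, version, affected) for every Velocity engine jar in `names`.

    Other Velocity artifacts (e.g. velocity-tools-*) are ignored: the report
    concerns the engine, which is where SecureUberspector lives.
    """
    findings = []
    for name in names:
        match = JAR_RE.match(Path(name).name)
        if match:
            version = match.group(1)
            findings.append((name, version, is_affected(version)))
    return findings


def scan_directory(root: str) -> List[Tuple[str, str, bool]]:
    """Walk a real Solr install (e.g. its server/ and contrib/ trees) for engine jars."""
    return scan_jar_names(str(p) for p in Path(root).rglob("*.jar"))


# Constructed sample: a hypothetical Solr 8.x layout with one old and one fixed jar.
SAMPLE_JAR_PATHS = [
    "server/solr-webapp/webapp/WEB-INF/lib/velocity-engine-core-2.0.jar",
    "contrib/velocity/lib/velocity-tools-generic-3.0.jar",
    "contrib/velocity/lib/velocity-engine-core-2.3.jar",
]


if __name__ == "__main__":
    for path, version, affected in scan_jar_names(SAMPLE_JAR_PATHS):
        status = "AFFECTED (< 2.3)" if affected else "ok"
        print(f"{path}: velocity-engine-core {version} -> {status}")
```

Run `scan_directory("/opt/solr")` (or wherever Solr is unpacked) to check a live installation; any `affected=True` row means the bundled engine predates the fix and the Solr upgrade discussed in this issue, or removal of the Velocity contrib, is still outstanding.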