Hi All,

We are currently using Solr Cloud (Solr version 8.6.3) in our application. Since it doesn't use the master-slave Solr approach, we do not have a replication handler (to replicate master to slave) set up on any of our Solr nodes. Could someone please confirm if the following vulnerability is still applicable for us?

CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability

Description: A critical vulnerability was found in Apache Solr up to 8.8.1 (CVSS 9.8). Affected by this vulnerability is an unknown code block of the file /replication; the manipulation of the argument masterUrl/leaderUrl with an unknown input can lead to a privilege escalation vulnerability.

*Note: There are now POCs targeting CVE-2021-27905 (Apache Solr <= 8.8.1 SSRF), CVE-2017-12629 (Remote Code Execution via SSRF), and CVE-2019-0193 (DataImportHandler). There are also Metasploit modules for the Apache Solr Velocity RCE, and two Apache OFBiz vulnerabilities. Given the number of vulnerabilities, severity, and availability of POCs, it is highly recommended that any vulnerable systems be patched as soon as possible.

Thanks
Anchal Sharma
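The question above comes down to two facts a defender can check on each node: which Solr version is running, and whether a `/replication` handler is registered on a core (explicitly in solrconfig.xml or otherwise). The following added script, which is not part of the original post or of the Solr project, parses the JSON that Solr's Config API (`/solr/<core>/config/requestHandler`) and system-info endpoint (`/solr/admin/info/system`) return and flags a node that is both below the first unaffected release and has the handler registered. The two JSON responses are constructed samples embedded inline; the assumption that 8.8.2 is the first unaffected release follows from the post's "up to 8.8.1" wording, and the `solr-spec-version` / `requestHandler` field names are the ones those endpoints emit.

```python
"""Inventory check for CVE-2021-27905 exposure on a Solr node.

Added example, not from the original post. Feed it the JSON bodies
returned by Solr's Config API and system-info endpoint; the two
samples below are constructed so the script runs offline.
"""
import json
import re

# Assumption: first release not listed as affected (the advisory text
# on the page says "up to 8.8.1" is affected).
FIRST_FIXED = (8, 8, 2)

# Constructed sample of GET /solr/<core>/config/requestHandler
SAMPLE_HANDLERS = json.dumps({
    "responseHeader": {"status": 0, "QTime": 1},
    "config": {
        "requestHandler": {
            "/select": {"name": "/select", "class": "solr.SearchHandler"},
            "/replication": {
                "name": "/replication",
                "class": "solr.ReplicationHandler",
            },
        }
    },
})

# Constructed sample of GET /solr/admin/info/system
SAMPLE_SYSINFO = json.dumps({
    "responseHeader": {"status": 0, "QTime": 3},
    "mode": "solrcloud",
    "lucene": {"solr-spec-version": "8.6.3"},
})


def parse_version(spec):
    """Turn a solr-spec-version string such as '8.6.3' into a comparable tuple.

    Suffixes like '-SNAPSHOT' are ignored; anything unparsable raises.
    """
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", spec)
    if not m:
        raise ValueError("unrecognised Solr version string: %r" % spec)
    return tuple(int(part) for part in m.groups())


def replication_handler_registered(handlers_json):
    """True if any request handler is the ReplicationHandler or is mounted at /replication."""
    handlers = json.loads(handlers_json).get("config", {}).get("requestHandler", {})
    for path, definition in handlers.items():
        if path == "/replication" or definition.get("class") == "solr.ReplicationHandler":
            return True
    return False


def assess(handlers_json, sysinfo_json):
    """Combine version and handler inventory into a single finding."""
    sysinfo = json.loads(sysinfo_json)
    version = parse_version(sysinfo["lucene"]["solr-spec-version"])
    handler_present = replication_handler_registered(handlers_json)
    below_fix = version < FIRST_FIXED
    finding = {
        "mode": sysinfo.get("mode", "unknown"),
        "version": ".".join(str(p) for p in version),
        "below_first_fixed": below_fix,
        "replication_handler_present": handler_present,
        # Exposure needs both conditions; the handler is what the advisory targets.
        "potentially_affected": below_fix and handler_present,
    }
    if finding["potentially_affected"]:
        finding["recommendation"] = (
            "upgrade to %s or later; until then restrict who can reach "
            "/replication on every core" % ".".join(map(str, FIRST_FIXED))
        )
    elif below_fix:
        finding["recommendation"] = (
            "no /replication handler seen in this core's config, but the "
            "version is below the fix; re-check every core and plan the upgrade"
        )
    else:
        finding["recommendation"] = "version is at or above the first fixed release"
    return finding


if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_HANDLERS, SAMPLE_SYSINFO), indent=2))
```

Run it once per core on each node, replacing the two sample bodies with the real responses. The point of checking the handler list from the API rather than from solrconfig.xml is that the API reflects every handler the core actually has registered, which is the question the post is asking; a handler absent from your own solrconfig.xml can still be reported there.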
