CVE-2018-8010

Name of the Vulnerable Software and Affected Versions: Apache Solr versions 6.0.0 through 6.6.3 Apache Solr versions 7.0.0 through 7.3.0

Description: This issue relates to an XML external entity expansion (XXE) in Solr config files, such as solrconfig.xml, schema.xml, and managed-schema, which can also affect Xinclude functionality. The issue allows for the reading of arbitrary local files from the Solr server or internal network using file, ftp, or http protocols.

Recommendations: For Apache Solr versions 6.0.0 through 6.6.3, upgrade to Solr 6.6.4. For Apache Solr versions 7.0.0 through 7.3.0, upgrade to Solr 7.3.1. Once the upgrade is complete, no other steps are required.