Apache · Apache Solr · CVE-2018-1308
**Name of the Vulnerable Software and Affected Versions**
Apache Solr versions 1.2 through 6.6.2
Apache Solr versions 7.0.0 through 7.2.1
**Description**
The issue is an XML external entity (XXE) expansion in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be exploited to read arbitrary local files from the Solr server or the internal network using the file, ftp, or http protocols.
**Recommendations**
For Apache Solr versions 1.2 through 6.6.2, avoid using the `&dataConfig=<inlinexml>` parameter in the DataImportHandler until a patch is available.
For Apache Solr versions 7.0.0 through 7.2.1, consider restricting access to the DataImportHandler to minimize the risk of exploitation.
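
One way to check existing logs for use of the parameter described above, as an added example that is not part of the original advisory or of Solr's code: it flags access-log requests to a DataImportHandler whose `dataConfig` value carries a DTD. The `/dataimport` handler path, the access-log format, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, quote, unquote

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# DTD constructs that a plain inline DataImportHandler config does not need.
DTD_RE = re.compile(r'<!\s*(?:DOCTYPE|ENTITY)\b', re.IGNORECASE)
# External identifier: SYSTEM "scheme:..." (scheme captured for triage).
SYSTEM_RE = re.compile(r'SYSTEM\s+["\']\s*([a-z][a-z0-9+.-]*):', re.IGNORECASE)

def inspect_line(line, handler_suffix="/dataimport"):
    """Return a finding if the request passes an inline dataConfig containing a DTD."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith(handler_suffix):  # handler name is an assumption
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get("dataConfig", []):
        # parse_qs decoded once; decode again to catch double-encoded values.
        decoded = unquote(value)
        if DTD_RE.search(decoded):
            schemes = sorted({s.lower() for s in SYSTEM_RE.findall(decoded)})
            return {"path": url.path, "schemes": schemes}
    return None

def scan(lines):
    """Return (line_number, finding) pairs for every flagged log line."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := inspect_line(line))]

def sample_line(query):
    """Build a constructed access-log line for the given query string."""
    return ('192.0.2.10 - - [01/Jan/2024:00:00:00 +0000] '
            f'"GET /solr/core1/dataimport?{query} HTTP/1.1" 200 0')

# Constructed inputs: the inline XML below is a placeholder, not captured traffic.
DTD_CONFIG = '<!DOCTYPE d [<!ENTITY e SYSTEM "file:///PLACEHOLDER">]><dataConfig/>'
SAMPLES = [
    sample_line("command=status"),
    sample_line("command=full-import&dataConfig=" + quote("<dataConfig/>", safe="")),
    sample_line("command=full-import&dataConfig=" + quote(DTD_CONFIG, safe="")),
    sample_line("dataConfig=" + quote(quote(DTD_CONFIG, safe=""), safe="")),
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLES):
        print(lineno, finding)
```

Access logs record only the query string, so a `dataConfig` value sent in a POST body does not appear in them and needs the same check at a proxy that sees request bodies.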