Apache · Apache Solr · CVE-2020-13957
**Name of the Vulnerable Software and Affected Versions**
Apache Solr versions 6.6.0 through 6.6.6
Apache Solr versions 7.0.0 through 7.7.3
Apache Solr versions 8.0.0 through 8.6.2
**Description**
Apache Solr prevents some features considered dangerous, which could be used for remote code execution, from being configured in a ConfigSet that is uploaded via the API without authentication/authorization. However, the checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.
**Recommendations**
For Apache Solr versions 6.6.0 through 6.6.6, update to a version newer than 8.6.2.
For Apache Solr versions 7.0.0 through 7.7.3, update to a version newer than 8.6.2.
For Apache Solr versions 8.0.0 through 8.6.2, update to version 8.6.3 or newer.
As a temporary workaround, consider restricting access to the API to minimize the risk of exploitation.
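
One way to review request logs for the UPLOAD/CREATE combination named in the description, as an added example that is not part of the original advisory: the script flags clients that made a successful unauthenticated ConfigSets API UPLOAD followed by a CREATE. The NCSA-style log layout, the `/admin/configs` path match, the 10-minute window and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (assumed NCSA common log format; not from the advisory).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Oct/2020:10:01:02 +0000] "POST /solr/admin/configs?action=UPLOAD&name=cs1 HTTP/1.1" 200 120
198.51.100.7 - - [12/Oct/2020:10:01:40 +0000] "GET /solr/admin/configs?action=CREATE&name=cs2 HTTP/1.1" 200 98
203.0.113.9 - solradmin [12/Oct/2020:11:00:00 +0000] "POST /solr/admin/configs?action=UPLOAD&name=prod HTTP/1.1" 200 120
203.0.113.9 - solradmin [12/Oct/2020:11:00:30 +0000] "GET /solr/admin/configs?action=CREATE&name=prod2 HTTP/1.1" 200 98
192.0.2.44 - - [12/Oct/2020:12:00:00 +0000] "GET /solr/admin/configs?action=LIST HTTP/1.1" 200 64
192.0.2.50 - - [12/Oct/2020:12:05:00 +0000] "POST /solr/admin/configs?action=UPLOAD&name=x HTTP/1.1" 401 0
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+')

def configset_events(log_text):
    """Yield ConfigSets API UPLOAD/CREATE requests found in the log text."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        url = urlsplit(m["url"])
        if not url.path.rstrip("/").endswith("/admin/configs"):
            continue
        action = parse_qs(url.query).get("action", [""])[0].upper()
        if action in ("UPLOAD", "CREATE"):
            yield {"ip": m["ip"], "user": m["user"], "status": m["status"],
                   "action": action,
                   "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")}

def find_upload_create_pairs(log_text, window=timedelta(minutes=10)):
    """Return (ip, upload_time, create_time) for unauthenticated, successful
    UPLOAD then CREATE from one client within `window` (log assumed in time order)."""
    last_upload = {}  # client ip -> time of its latest qualifying UPLOAD
    findings = []
    for ev in configset_events(log_text):
        # "-" in the user field means no authenticated user; skip non-2xx responses.
        if ev["user"] != "-" or not ev["status"].startswith("2"):
            continue
        if ev["action"] == "UPLOAD":
            last_upload[ev["ip"]] = ev["time"]
        elif ev["ip"] in last_upload:
            gap = ev["time"] - last_upload[ev["ip"]]
            if timedelta(0) <= gap <= window:
                findings.append((ev["ip"], last_upload[ev["ip"]], ev["time"]))
    return findings

if __name__ == "__main__":
    for ip, up, cr in find_upload_create_pairs(SAMPLE_LOG):
        print(f"{ip}: unauthenticated UPLOAD at {up}, CREATE at {cr}")
```

A hit is a reason to inspect the ConfigSets present on the node and to confirm the API is not reachable from that client; it is not proof of compromise on its own.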