Pwn Null

#38649 of 53,634
7.2 Total CVSS
Vulnerabilities · 1
PT-2025-5580
7.2
2025-01-26
Apache · Apache Solr · CVE-2025-24814
**Name of the Vulnerable Software and Affected Versions**

Apache Solr versions up through 9.7

**Description**

The issue allows users to replace "trusted" configset files with arbitrary configuration. Solr instances using the "FileSystemConfigSetService" component and running without authentication and authorization are affected. An attacker can exploit this to load malicious code as a searchComponent or other plugin by using "<lib>" tags to add to Solr's classpath.

**Recommendations**

Apache Solr versions up through 9.7: Enable authentication and authorization on Solr clusters or switch to SolrCloud, and consider upgrading to Solr 9.8.0, which disables the use of "<lib>" tags by default.