
Rry

#40537 of 53,622
6.6 Total CVSS
Vulnerabilities · 1
PT-2025-2921
6.6
2025-01-26
Apache · Apache Solr · CVE-2024-52012
**Name of the Vulnerable Software and Affected Versions** Apache Solr 6.6 through 9.7.0 (the advisory lists only instances running on Windows as affected) **Description** Apache Solr instances running on Windows are susceptible to arbitrary file writes because the configset upload API does not sanitize the entry names inside the uploaded ZIP archive. The pattern is commonly known as "zip slip": a maliciously constructed ZIP file carries entries whose names contain relative path segments (`..`), so that extraction writes data to locations outside the intended configset directory. The affected endpoint is the configset upload action, reachable as `/solr/admin/configs?action=UPLOAD&name=<configset>` (v1 API) or `PUT /api/cluster/configs/<configset>` (v2 API); because the archive contents are attacker-controlled, anyone allowed to call this action can choose the target path of the write. **Recommendations** Upgrade to Apache Solr 9.8.0, which fixes the issue. Users unable to upgrade can prevent exploitation by restricting the configset upload API to a trusted set of administrators with Solr's Rule-Based Authorization Plugin (`RuleBasedAuthorizationPlugin` in `security.json`; the advisory text calls it the "Rule-Based Authentication Plugin"). Authorization rules only take effect once an authentication plugin is also configured, so an instance with no authentication enabled gains nothing from the rule alone; this is a mitigation that limits who can reach the sink, not a fix for the traversal itself.
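The following is an added example, not code from Apache Solr or from the advisory. It shows why an extractor that joins ZIP entry names straight onto a destination directory is a zip-slip sink, why the exposure differs between POSIX and Windows path rules (which is one reason a traversal can be platform-specific, though the advisory does not state Solr's root cause), and a host-independent containment check to apply before writing each entry. The entry names, directories and helper names are constructed for this illustration.

```python
"""Added example (not Apache Solr's code): zip-slip sink versus hardened extractor."""
import io
import ntpath
import os
import posixpath
import tempfile
import zipfile
from pathlib import PureWindowsPath

# Constructed archive contents: two benign configset files plus four hostile
# entry names in the zip-slip style. None of these come from the advisory.
CONSTRUCTED_ENTRIES = {
    "solrconfig.xml": b"<config/>",
    "conf/managed-schema": b"<schema/>",
    "../../../escaped_posix.txt": b"1",     # '..' with the ZIP-standard '/'
    r"..\..\..\escaped_win.txt": b"2",      # '..' with the Windows '\'
    r"C:\Windows\Temp\abs_win.txt": b"3",   # absolute, drive-qualified name
    "/etc/abs_posix.txt": b"4",             # absolute POSIX name
}
HOSTILE = [n for n in CONSTRUCTED_ENTRIES if n not in ("solrconfig.xml", "conf/managed-schema")]


def build_zip(entries):
    """Build an in-memory ZIP keeping entry names byte-for-byte.

    ZipInfo.__init__ rewrites the host's os.sep to '/', so on a Windows host a
    backslash name would be normalised away; assigning .filename afterwards
    keeps the attacker-controlled form intact.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            info = zipfile.ZipInfo("placeholder")
            info.filename = name
            zf.writestr(info, data)
    return buf.getvalue()


def naive_target(dest, entry_name, pathmod):
    """Vulnerable pattern: join the entry name under dest with no containment check.

    pathmod is ntpath or posixpath, so both OS families can be evaluated from
    any host as pure string operations.
    """
    return pathmod.normpath(pathmod.join(dest, entry_name))


def naive_escapes(pathmod, dest):
    """Entry names that the naive join would write outside dest under pathmod's rules."""
    dest_n = pathmod.normpath(dest)
    return sorted(n for n in CONSTRUCTED_ENTRIES
                  if not naive_target(dest, n, pathmod).startswith(dest_n + pathmod.sep))


def safe_relative_path(entry_name):
    """Return a normalised relative path for entry_name, or None to reject it.

    Treats '\\' as a separator regardless of host (the case that matters on
    Windows), rejects absolute and drive-qualified names, and rejects any '..'
    segment outright instead of trying to repair it.
    """
    name = entry_name.replace("\\", "/")
    if name.startswith("/") or PureWindowsPath(name).drive:
        return None
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        return None
    return "/".join(parts)


def extract_hardened(zip_bytes, dest):
    """Extract only entries that pass safe_relative_path; return (written, rejected).

    A second check on the resolved real path guards against a symlink already
    present under dest that points outside it.
    """
    written, rejected = [], []
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            rel = safe_relative_path(info.filename)
            if rel is None:
                rejected.append(info.filename)
                continue
            target = os.path.realpath(os.path.join(dest_real, *rel.split("/")))
            if os.path.commonpath([dest_real, target]) != dest_real:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(rel)
    return written, rejected


def demo():
    """Run the constructed archive through both patterns and return a summary."""
    zip_bytes = build_zip(CONSTRUCTED_ENTRIES)
    with tempfile.TemporaryDirectory() as dest:
        written, rejected = extract_hardened(zip_bytes, dest)
        on_disk = sorted(os.path.relpath(os.path.join(root, f), dest).replace(os.sep, "/")
                         for root, _, files in os.walk(dest) for f in files)
    return {
        "naive_posix_escapes": naive_escapes(posixpath, "/var/solr/data"),      # constructed dir
        "naive_windows_escapes": naive_escapes(ntpath, r"C:\solr\data"),        # constructed dir
        "hardened_written": sorted(written),
        "hardened_rejected": len(rejected),
        "on_disk": on_disk,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Under POSIX rules only the `../` and `/etc/...` names escape the constructed destination, since a backslash is an ordinary filename character there; under Windows rules all four hostile names escape, which is the kind of asymmetry that makes a traversal show up on one platform only. The hardened path normalises both separators before checking, so its verdict does not depend on the host. It does not cover NTFS alternate data streams (`name:stream`) or reserved device names, which a Windows deployment would still need to reject separately.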