PT-2020-13802 · Apache · Apache Solr

Junhe77 · Published 2020-10-13 · Updated 2024-03-06

CVE-2020-13957

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Apache Solr versions 6.6.0 through 6.6.6
Apache Solr versions 7.0.0 through 7.7.3
Apache Solr versions 8.0.0 through 8.6.2
Description

Solr prevents certain features considered dangerous, which could be used for remote code execution, from being configured in a ConfigSet uploaded via the API without authentication/authorization. However, the checks that enforce this can be circumvented by combining the UPLOAD and CREATE actions of the ConfigSets API.
Recommendations

For Apache Solr versions 6.6.0 through 6.6.6, update to a version newer than 8.6.2.
For Apache Solr versions 7.0.0 through 7.7.3, update to a version newer than 8.6.2.
For Apache Solr versions 8.0.0 through 8.6.2, update to version 8.6.3 or newer.
As a temporary workaround, consider restricting access to the API to minimize the risk of exploitation.
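The bypass described above chains two ConfigSets API actions, so a defender reviewing Solr request logs can look for a client that issues an UPLOAD followed shortly by a CREATE against the ConfigSets endpoint (/solr/admin/configs). The following detection logic is an added example, not part of the advisory or of Solr; it assumes an NCSA-style Jetty request log, and the sample lines are constructed, not captured.

```python
"""Flag UPLOAD-then-CREATE sequences against the Solr ConfigSets API.

Added example for triage of CVE-2020-13957 exposure; the log format
(NCSA/Jetty style) is an assumption and the sample lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed sample log: one client chains UPLOAD -> CREATE, another only uploads.
SAMPLE_LOG = """\
10.0.0.5 - - [13/Oct/2020:10:00:01 +0000] "POST /solr/admin/configs?action=UPLOAD&name=blob HTTP/1.1" 200 51
10.0.0.5 - - [13/Oct/2020:10:00:03 +0000] "GET /solr/admin/configs?action=CREATE&name=new&baseConfigSet=blob HTTP/1.1" 200 60
10.0.0.7 - - [13/Oct/2020:10:05:00 +0000] "GET /solr/admin/collections?action=LIST HTTP/1.1" 200 80
10.0.0.9 - - [13/Oct/2020:10:06:00 +0000] "POST /solr/admin/configs?action=UPLOAD&name=solo HTTP/1.1" 200 51
"""

# client, timestamp, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client, timestamp, action) for a successful ConfigSets API call, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, ts, _method, target, status = m.groups()
    parts = urlsplit(target)
    # Only the ConfigSets endpoint matters here; a 2xx means the server accepted the call.
    if not parts.path.endswith("/admin/configs") or not status.startswith("2"):
        return None
    action = parse_qs(parts.query).get("action", [""])[0].upper()
    return client, datetime.strptime(ts, TIME_FMT), action


def find_upload_create_chains(log_text, window=timedelta(minutes=5)):
    """Return clients whose CREATE followed one of their own UPLOADs within the window."""
    uploads = defaultdict(list)
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, when, action = rec
        if action == "UPLOAD":
            uploads[client].append(when)
        elif action == "CREATE" and any(timedelta(0) <= when - t <= window for t in uploads[client]):
            hits.append(client)
    return hits
```

An UPLOAD with no following CREATE, or a CREATE from a client with no prior UPLOAD, is not flagged; correlate hits with the authentication state of the requests to confirm the endpoint was reachable without credentials.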

Tags: Fix, RCE

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BIT-SOLR-2020-13957
CVE-2020-13957
GHSA-3C7P-VV5R-CMR5

Affected Products

Apache Solr