PT-2024-1943 · Apache · Apache Solr

Published: 2024-02-09 · Updated: 2024-12-23 · CVE-2023-50386

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Vulnerable software and affected versions: Apache Solr 6.0.0 through 8.11.2; Apache Solr 9.0.0 through 9.4.0.

Description: The issue is related to improper control of dynamically-managed code resources, unrestricted upload of files with dangerous types, and inclusion of functionality from untrusted control spheres in Apache Solr. This vulnerability allows an attacker to execute arbitrary code on the system. In the affected versions, Solr ConfigSets accepted Java jar and class files uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository. If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, the jar and class files would become available to any ConfigSet, trusted or untrusted. The vulnerability is limited to extending the Backup permissions with the ability to add libraries when Solr is run in a secure way with Authorization enabled.

Recommendations: To resolve the issue, upgrade to version 8.11.3 or 9.4.1, which fix it by adding protections such as restricting the upload of files to a configSet that could be executed via a Java ClassLoader and restricting the saving of backups to directories used in the ClassLoader. For versions 6.0.0 through 8.11.2, upgrade to version 8.11.3. For versions 9.0.0 through 9.4.0, upgrade to version 9.4.1.
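The two conditions the description names (executable files inside a configSet, and a backup written under a ClassLoader directory) can be audited on disk. This is an added example, not code from the advisory or from Apache Solr; it assumes a configSet is a plain directory tree and that the operator supplies the list of directories Solr loads classes from, and it builds a constructed layout in a temporary directory to exercise the checks.

```python
from pathlib import Path
import tempfile

# File types the advisory says must not be loadable from a configSet.
EXECUTABLE_SUFFIXES = {".jar", ".class"}

def parse_version(version: str) -> tuple:
    return tuple(int(p) for p in version.split("."))

def is_affected(version: str) -> bool:
    """True if a Solr version lies in a range the advisory lists as affected."""
    v = parse_version(version)
    return (6, 0, 0) <= v <= (8, 11, 2) or (9, 0, 0) <= v <= (9, 4, 0)

def find_executable_uploads(configset_dir: Path) -> list:
    """jar/class files inside a configSet directory (assumed plain file tree)."""
    return sorted(p.relative_to(configset_dir).as_posix()
                  for p in configset_dir.rglob("*")
                  if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES)

def backup_in_classpath(backup_dir: Path, classpath_dirs) -> list:
    """ClassLoader directories (operator-supplied assumption) containing backup_dir."""
    b = Path(backup_dir).resolve()
    hits = []
    for c in classpath_dirs:
        c = Path(c).resolve()
        if b == c or c in b.parents:
            hits.append(str(c))
    return hits

def demo() -> dict:
    """Build a constructed layout, run both checks and return the findings."""
    root = Path(tempfile.mkdtemp())
    cs = root / "configsets" / "untrusted"
    (cs / "lib").mkdir(parents=True)
    (cs / "solrconfig.xml").write_text("<config/>")        # harmless config file
    (cs / "lib" / "evil.jar").write_bytes(b"PK\x03\x04")   # constructed jar stub
    lib = root / "solr" / "lib"                            # assumed classpath dir
    backup = lib / "backups" / "snapshot1"                 # backup placed under it
    backup.mkdir(parents=True)
    return {
        "affected_8": is_affected("8.11.2"),
        "affected_fixed": is_affected("9.4.1"),
        "uploads": find_executable_uploads(cs),
        "backup_hits": backup_in_classpath(backup, [lib, root / "other"]),
    }

if __name__ == "__main__":
    print(demo())
```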

Weakness Enumeration: Unrestricted File Upload

Related Identifiers

BDU:2024-01738
BIT-SOLR-2023-50386
CVE-2023-50386
GHSA-37VR-VMG4-JWPW

Affected Products

Apache Solr