⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2023-50386
Severity: 8.8 HIGH
EPSS: 84.7% (top 0.66%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Affected products
Timeline
Published: Feb 9
Latest update: Apr 15
Description
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.
In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.
When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSy…
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 4 packages
🔴 Vulnerability Details (5)
OSV: Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets (2024-02-09)
OSV: CVE-2023-50386: Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Con (2024-02-09)
GHSA: Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets (2024-02-09)
CVEList: Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets (2024-02-09)