Apache Solr vulnerabilities
2 known vulnerabilities affecting apache/apache_solr.
Total CVEs: 2
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2018-11802 | MEDIUM | CVSS 4.3 | Affected: before 7.7 | 2020-04-01
CVE-2018-11802 [MEDIUM] CWE-863
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all
Sources: cvelistv5, nvd
CVE-2019-0193 | HIGH | CVSS 7.2 | KEV | PoC | Affected: Apache Solr all prior to 8.2.0 | 2019-08-01
CVE-2019-0193 [HIGH] CWE-94
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can co
Sources: cvelistv5, nvd