CVE-2019-17558 @ Maven-org.apache.solr:solr-velocity-8.3.1

[cxronen]

Vulnerable Package issue exists @ Maven-org.apache.solr:solr-velocity-8.3.1 in branch main

Apache Solr 5.0.0 to Apache Solr before 7.7.3 and 8.x up to 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting params.resource.loader.enabled by defining a response writer with that setting set to true. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is trusted (has been uploaded by an authenticated user).

Namespace: cxronen
Repository: BookStore
Repository Url: https://github.com/cxronen/BookStore
CxAST-Project: cxronen/BookStore
CxAST platform scan: a0baff3f-c9ec-4f91-81ad-1f5b450a1ff5
Branch: main
Application: BookStore
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-20

---

Additional Info
Attack vector: NETWORK
Attack complexity: HIGH
Confidentiality impact: HIGH
Availability impact: HIGH
Remediation Upgrade Recommendation: 8.4.0

---

References
POC/Exploit
Issue
Issue
Pull request
Commit