[ 
https://issues.apache.org/jira/browse/SOLR-15844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jan Høydahl resolved SOLR-15844.
--------------------------------
    Resolution: Fixed

> Upgrade Velocity to v2.3
> ------------------------
>
>                 Key: SOLR-15844
>                 URL: https://issues.apache.org/jira/browse/SOLR-15844
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 8.11
>            Reporter: wcmrnd1
>            Assignee: Jan Høydahl
>            Priority: Blocker
>             Fix For: 8.11.1
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Latest Version of Solr 8.11 bundles Apache Velocity 2.0 jar that has the 
> following vulnerabilities:
>  
> h1. Vulnerability Details
> h2. CVE-2020-13936
> *Vulnerability Published:* 2021-03-10 03:15 EST
> *Vulnerability Updated:* 2021-09-23 08:21 EDT
> *CVSS Score:* {color:#FF0000}8.8{color} (overall), {color:#FF0000}8.8{color} 
> (base)
> {*}Summary{*}: An attacker that is able to modify Velocity templates may 
> execute arbitrary Java code or run arbitrary system commands with the same 
> privileges as the account running the Servlet container. This applies to 
> applications that allow untrusted users to upload/modify velocity templates 
> running Apache Velocity Engine versions up to 2.2.
> {*}Solution{*}: N/A
> {*}Workaround{*}: N/A
> h2. BDSA-2021-0710
> *Vulnerability Published:* 2021-03-22 12:01 EDT
> *Vulnerability Updated:* 2021-11-08 09:16 EST
> *CVSS Score:* {color:#FF0000}7.9{color} (overall), {color:#FF0000}8.8{color} 
> (base)
> {*}Summary{*}: Apache Velocity is vulnerable to remote code execution (RCE) 
> and arbitrary command execution due to how the SecureUberspector 
> functionality does not sufficiently prevent access to dangerous classes and 
> packages.
> An attacker with the ability to modify Velocity templates could use this 
> issue to execute arbitrary Java code or system commands with the privileges 
> of the account running the Servlet container.
> {*}Solution{*}: Fixed in 
> [*2.3-rc1*|https://github.com/apache/velocity-engine/releases/tag/2.3-RC1] by 
> [this|https://github.com/apache/velocity-engine/commit/f355cec739d4e705e541a149ff2d8806ed565401]
>  commit.
> The latest stable releases are available 
> [here|https://velocity.apache.org/download.cgi].
> {*}Workaround{*}: N/A



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to