VDB
CVE-2024-52012
CVE-2024-52012
PUBLISHED
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.
EPSS 13.71% · 94.4th percentile
Risk Scores
EPSS Score
13.71%
94.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | solr | 6.6.0 |
| Bitnami | solr | 6.6.0 |
Timeline
- Jan 26, 2025 PoC Published
- Jan 26, 2025 CVE Published
- Jan 27, 2025 PoC Published
- Jan 27, 2025 PoC Published
- Jan 27, 2025 PoC Published
- Jan 27, 2025 PoC Published
- Jan 27, 2025 PoC Published
- Jan 28, 2025 EPSS Score
- Jan 28, 2025 PoC Published
- Jan 29, 2025 PoC Published
- Feb 6, 2025 Coalition ESS Score
- Feb 12, 2025 EPSS Score