pkg:Bitnami/solr

22 total CVEsCRITICAL4HIGH12MEDIUM5LOW1

✅ Check your installed version

All known vulnerabilities

  • MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
    from 0, < 9.4.0
  • CRITICAL9.8CVE-2024-45216Improper Authentication vulnerability in Apache Solr
    >= 5.3.0, < 8.11.4, >= 9.0.0, < 9.7.0
  • CRITICAL9.8CVE-2020-13957Incorrect Authorization in Apache Solr
    >= 6.6.0, < 6.6.7, >= 7.0.0, < 7.7.4, >= 8.0.0, < 8.6.3
  • CRITICAL9.8CVE-2021-44548Apache Solr information disclosure vulnerability through DataImportHandler
    from 0, < 8.11.1
  • CRITICAL9.1CVE-2021-29943Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections
    from 0, < 8.8.2
  • HIGH8.8CVE-2023-50386Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
    >= 6.0.0, < 8.11.3, >= 9.0.0, < 9.4.1
  • HIGH8.8CVE-2020-13941Improper Input Validation in Apache Solr
    from 0, < 8.6.0
  • HIGH8.8CVE-2020-9492Improper Privilege Management in Apache Hadoop
    >= 8.6.0, < 8.6.1, >= 8.6.2, < 8.6.3
  • HIGH8.2CVE-2026-22022Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin
    >= 5.3.0, < 9.10.1
  • HIGH8.1CVE-2024-45217Insecure Default Initialization of Resource vulnerability in Apache Solr
    >= 6.6.0, < 8.11.4, >= 9.0.0, < 9.7.0
  • HIGH7.5CVE-2023-50291Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords
    >= 6.0.0, < 8.11.3, >= 9.0.0, < 9.3.0
  • HIGH7.5CVE-2023-50292Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
    >= 6.0.0, < 8.11.3, >= 9.0.0, < 9.4.1
  • HIGH7.5CVE-2023-50298Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
    >= 6.0.0, < 8.11.3, >= 9.0.0, < 9.4.1
  • HIGH7.5CVE-2021-33813XML External Entity (XXE) Injection in JDOM
    >= 8.8.1, < 8.8.2, >= 8.9.0, < 8.9.1
  • HIGH7.5CVE-2021-29262Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings
    from 0, < 8.8.2
  • HIGH7.1CVE-2026-22444Apache Solr: Insufficient file-access checking in standalone core-creation requests
    >= 8.6.0, < 9.10.1
  • HIGH7.1CVE-2021-27905SSRF vulnerability with the Replication handler
    from 0, < 8.8.2
  • MEDIUM6.5CVE-2023-50290Apache Solr: Host environment variables are published via the Metrics API
    >= 9.0.0, < 9.3.0
  • MEDIUM5.5CVE-2025-24814Apache Solr vulnerable to Execution with Unnecessary Privileges
    from 0, < 9.8.0
  • MEDIUM5.4CVE-2024-52012Apache Solr Relative Path Traversal vulnerability
    >= 6.6.0, < 9.8.0
  • MEDIUM5.3CVE-2020-27223DOS vulnerability for Quoted Quality CSV headers
    >= 8.8.1, < 8.8.2
  • LOW2.7CVE-2021-28163Directory exposure in jetty
    >= 8.8.1, < 8.8.2