Vulnerability in Apache Solr
CVE-2020-13957
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that's uploaded via API without authenticati…
EPSS: 0.848 (99.4th percentile).
Affected products
- Apache Solr (vendor: n/a) — versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3, 8.0.0 to 8.6.2
References
- mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/<CAECwjAWCVLoVaZy… (x_refsource_MISC)
- [lucene-issues] 20201013 [jira] [Updated] (SOLR-14925) CVE-2020-13957: The checks added to unauthenticated configset uploads can be circumvented (mailing-list, x_refsource_MLIST)
- [lucene-issues] 20201019 [GitHub] [lucene-site] tflobbe opened a new pull request #31: Add CVE-2020-13957 page (mailing-list, x_refsource_MLIST)
- security.netapp.com/advisory/ntap-20201023-0002/ (x_refsource_CONFIRM)
- [lucene-issues] 20201029 [jira] [Commented] (SOLR-14925) CVE-2020-13957: The checks added to unauthenticated configset uploads can be circumvented (mailing-list, x_refsource_MLIST)
- [lucene-commits] 20201030 [lucene-site] branch master updated: Add CVE-2020-13957 page (#31) (mailing-list, x_refsource_MLIST)
- [lucene-issues] 20201030 [GitHub] [lucene-site] tflobbe merged pull request #31: Add CVE-2020-13957 page (mailing-list, x_refsource_MLIST)
- [lucene-commits] 20201030 [lucene-site] 02/02: Add CVE-2020-13957 page (#31) (mailing-list, x_refsource_MLIST)
- [lucene-issues] 20201030 [GitHub] [lucene-site] tflobbe opened a new pull request #32: Publish: Add CVE-2020-13957 page (#31) (mailing-list, x_refsource_MLIST)
- [lucene-issues] 20201030 [GitHub] [lucene-site] tflobbe commented on pull request #32: Publish: Add CVE-2020-13957 page (#31) (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2020-13957?
- CVE-2020-13957 is a vulnerability in Apache Solr. Published 2020-10-13.
- Is CVE-2020-13957 known to be exploited?
- 29 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.