CVE-2023-50386
Severity CVSS v4.0:
Pending analysis
Type:
CWE-434
Unrestricted Upload of File with Dangerous Type
Publication date:
09/02/2024
Last modified:
24/04/2025
Description
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.

In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.
When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups).
If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted.

When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries.
Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.
In these versions, the following protections have been added:

* Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.
* The Backup API restricts saving backups to directories that are used in the ClassLoader.
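The two protections listed above can be illustrated as input checks on the two affected operations. The following Python is an added example written for this record; it is not Solr's own code and does not reproduce the project's fix. It assumes a constructed policy (reject any configset entry that a Java ClassLoader could load, identified by suffix or by the class/zip magic bytes) and a hypothetical list of class-path directories; the sample configset archive is constructed in memory.

```python
import io
import os
import zipfile

# Constructed policy, modelled on the fix description for CVE-2023-50386: a
# configset may not carry anything a Java ClassLoader could load.
EXECUTABLE_SUFFIXES = (".jar", ".class")
CLASS_MAGIC = b"\xca\xfe\xba\xbe"   # Java class file header
ZIP_MAGIC = b"PK\x03\x04"           # jar files are zip archives


def find_executable_entries(configset_zip: bytes) -> list[str]:
    """Return configset entries that look loadable by a Java ClassLoader.

    Both the file name and the first bytes of the content are checked, so a
    class file or nested jar renamed to an innocuous suffix is still flagged.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(configset_zip)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            if (info.filename.lower().endswith(EXECUTABLE_SUFFIXES)
                    or head == CLASS_MAGIC or head == ZIP_MAGIC):
                flagged.append(info.filename)
    return flagged


def backup_location_is_safe(backup_dir: str, classloader_dirs) -> bool:
    """Reject a backup target that is, or lies under, a directory on the class path.

    Paths are canonicalised first so that '..' segments and symlinks cannot be
    used to land a backup inside a class-path directory under another name.
    """
    target = os.path.realpath(backup_dir)
    for d in classloader_dirs:
        root = os.path.realpath(d)
        if target == root or target.startswith(root + os.sep):
            return False
    return True


def build_sample_configset() -> bytes:
    """Constructed sample: a normal configset plus two entries the check should flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("solrconfig.xml", "<config/>")
        zf.writestr("managed-schema", "<schema/>")
        zf.writestr("lib/plugin.jar", ZIP_MAGIC + b"\x00" * 16)   # jar by suffix and magic
        zf.writestr("notes.txt", CLASS_MAGIC + b"\x00" * 16)       # class file hiding behind .txt
    return buf.getvalue()


if __name__ == "__main__":
    print("flagged entries:", find_executable_entries(build_sample_configset()))
    # Hypothetical Solr layout; the real class-path directories depend on the install.
    cp_dirs = ["/opt/solr/server/lib", "/opt/solr/server/solr-webapp/webapp/WEB-INF/lib"]
    for candidate in ["/var/solr/backups", "/opt/solr/server/lib/../lib/backups"]:
        verdict = "allowed" if backup_location_is_safe(candidate, cp_dirs) else "rejected"
        print(candidate, "->", verdict)
```

The content check matters more than the suffix check: a ClassLoader does not care what a file is called once it is on the class path, so a deployment guard that only looks at extensions can be sidestepped by renaming. Likewise the backup check compares canonical paths with a trailing separator, so a class-path directory such as `/opt/solr/server/lib` does not accidentally match a sibling like `/opt/solr/server/libexec`.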
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* | 6.0.0 (including) | 8.11.3 (excluding) |
| cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* | 9.0.0 (including) | 9.4.1 (excluding) |
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2024/02/09/1
- https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets