CVE-2019-12401

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-12401
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12401.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-12401
Aliases
Published
2019-09-10T15:15:11Z
Modified
2024-10-11T10:38:40Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.

References

Affected packages

Git / github.com/apache/lucene-solr