CVE-2019-12401

Source
https://cve.org/CVERecord?id=CVE-2019-12401
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12401.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-12401
Aliases
Published
2019-09-10T15:15:11.737Z
Modified
2026-03-20T11:27:33.687399Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML, causing OOMs.

References

Affected packages

Git / github.com/apache/lucene-solr

Affected ranges

Type
GIT
Repo
https://github.com/apache/lucene-solr
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.3.0"
        },
        {
            "last_affected": "1.4.1"
        },
        {
            "introduced": "3.1"
        },
        {
            "last_affected": "3.6.2"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.10.4"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12401.json"