[ https://issues.apache.org/jira/browse/SOLR-13971?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17010486#comment-17010486 ]
pattan commented on SOLR-13971:
-------------------------------

[~ichattopadhyaya] any updates on https://issues.apache.org/jira/browse/SOLR-13971?focusedCommentId=17009542&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17009542? Can you please let us know if you are planning to provide a patch for 7.7.x versions? If not, I can create such a patch and create a pull request for you :)

> CVE-2019-17558: Velocity custom template RCE vulnerability
> ----------------------------------------------------------
>
> Key: SOLR-13971
> URL: https://issues.apache.org/jira/browse/SOLR-13971
> Project: Solr
> Issue Type: Bug
> Security Level: Public (Default Security Level. Issues are Public)
> Affects Versions: 5.0, 5.5.5, 6.0, 6.6.5, 7.0, 7.7, 8.0, 8.3
> Reporter: Ishan Chattopadhyaya
> Assignee: Ishan Chattopadhyaya
> Priority: Blocker
> Fix For: 8.4
>
> Attachments: SOLR-13971.patch
>
>
> We need to disable this. There is a zero day attack in the wild. 41 stars on
> this github project:
> # https://github.com/jas502n/solr_rce
> # https://gist.github.com/s00py/a1ba36a3689fa13759ff910e179fc133
> We need to disable this in a way that cannot be re-enabled using the Config
> API.

--
This message was sent by Atlassian Jira (v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org