This particular CVE came out on the mailing list, Feb 12th.

CVE-2017-3164 SSRF issue in Apache Solr

I need to know what the exploit for this could be?


Can a user send a bogus shards param via a web request and get a local file?


What does an attack vector look like for this?


I am being asked specifically this...


- How would we know if the vulnerability in the Solr CVE was taken advantage of? What are signs of us being exploited? What is the worst case scenario with this CVE?

Could someone help me answer this please?



http://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN=wO5rYs6ktAX-5=-f5jdfwbbtsm2ttjebgo5j...@mail.gmail.com%3E



The bug is



https://issues.apache.org/jira/browse/SOLR-12770



The mitigation is upgrading to Solr 7.7.
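
One way to look for the signs asked about above, as an added example that is not part of the original message or of Solr itself: it scans request-log lines for `shards` values that name hosts outside the cluster. The log lines, host names and the `KNOWN_SHARD_HOSTS` set are constructed assumptions, and the pattern assumes request parameters appear in the log as `shards=...`.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: the hosts that legitimately serve shards in this cluster.
KNOWN_SHARD_HOSTS = {"solr1.example.internal", "solr2.example.internal"}

# Matches shards=<value> in a query string or in a logged params={...} map.
SHARDS_RE = re.compile(r"[?&{]shards=([^&\s}]+)")

def shard_hosts(value):
    """Return the host of every shard address in one shards value."""
    hosts = []
    # Shards are comma-separated; replicas of one shard are '|'-separated.
    for addr in re.split(r"[,|]", unquote(value)):
        addr = addr.strip()
        if not addr:
            continue
        if "://" not in addr:
            addr = "http://" + addr  # shard addresses usually omit the scheme
        try:
            host = urlsplit(addr).hostname
        except ValueError:
            host = None
        hosts.append(host or addr)  # keep unparseable values for review
    return hosts

def suspicious_requests(lines, known=KNOWN_SHARD_HOSTS):
    """Return (line_number, host) for each shard host outside `known`."""
    hits = []
    for n, line in enumerate(lines, 1):
        for match in SHARDS_RE.finditer(line):
            hits += [(n, h) for h in shard_hosts(match.group(1)) if h not in known]
    return hits

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    "INFO [core1] webapp=/solr path=/select params={q=*:*&shards=solr1.example.internal:8983/solr/core1,solr2.example.internal:8983/solr/core1} status=0",
    "INFO [core1] webapp=/solr path=/select params={q=*:*&shards=203.0.113.50:80/probe} status=500",
    "INFO [core1] webapp=/solr path=/select params={q=*:*&rows=10} status=0",
    "INFO [core1] webapp=/solr path=/select params={q=*:*&shards=solr1.example.internal:8983/solr/core1|http%3A%2F%2F198.51.100.7%3A8080%2Fx} status=500",
]

if __name__ == "__main__":
    for n, host in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: shards points at unexpected host {host}")
```

The requests Solr itself makes to a flagged host do not show up in Solr's own request log; outbound connection or proxy logs from the Solr host are where to confirm them.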
