{"uuid": "e62226e8-a6cb-490e-8a1a-91fb51e3d700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-52012", "type": "seen", "source": "https://t.me/cvedetector/16447", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52012 - Apache Solr Relative Path Traversal Zip Slip\", \n  \"Content\": \"CVE ID : CVE-2024-52012 \nPublished : Jan. 27, 2025, 9:15 a.m. | 1\u00a0hour, 13\u00a0minutes ago \nDescription : Relative Path Traversal vulnerability in Apache Solr.  \n  \nSolr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the \"configset upload\" API.\u00a0 Commonly known as a \"zipslip\", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.\u00a0\u00a0  \nThis issue affects Apache Solr: from 6.6 through 9.7.0.  \n  \nUsers are recommended to upgrade to version 9.8.0, which fixes the issue.\u00a0 Users unable to upgrade may also safely prevent the issue by using Solr's \"Rule-Based Authentication Plugin\" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users. \nSeverity: 0.0 | NA\",\n  \"Detection Date\": \"27 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}", "creation_timestamp": "2025-01-27T11:48:52.000000Z"}