A vulnerability was found Apache Solr versions from 1.3 to 7.6.0 . The "shards" parameter does not have a corresponding whitelist mechanism, so it can request any URL. Upstream bug: https://issues.apache.org/jira/browse/SOLR-12770
Created solr3 tracking bugs for this issue: Affects: fedora-all [bug 1679808]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.