{"id":"CVE-2017-3163","details":"When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.","aliases":["GHSA-387v-84cv-9qmc"],"modified":"2026-04-10T04:00:08.715485Z","published":"2017-08-30T14:29:00.207Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488%40%3Csolr-user.lucene.apache.org%3E"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1451"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4124"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1447"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1448"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1449"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1450"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/lucene-solr","events":[{"introduced":"0"},{"last_affected":"8655b97b27d8da470c8235683af11a8b85a2b10f"},{"introduced":"0"},{"last_affected":"48c80f91b8e5cd9b3a9b48e6184bd53e7619e7e3"},{"introduced":"0"},{"last_affected":"c7510a0fdd93329ec04c853c8557f4a3f2309eaf"},{"introduced":"0"},{"last_affected":"4726c5b2d2efa9ba160b608d46a977d0a6b83f94"},{"introduced":"0"},{"last_affected":"764d0f19151dbff6f5fcd9fc4b2682cf934590c5"},{"introduced":"0"},{"last_affected":"43ab70147eb494324a1410f7a9f16a896a59bc6f"},{"introduced":"0"},{"last_affected":"a66a44513ee8191e25b477372094bfa846450316"},{"introduced":"0"},{"last_affected":"bbe4b08cc1fb673d0c3eb4b8455f23ddc1364124"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.5.3"},{"introduced":"0"},{"last_affected":"6.0.0"},{"introduced":"0"},{"last_affected":"6.0.1"},{"introduced":"0"},{"last_affected":"6.1.0"},{"introduced":"0"},{"last_affected":"6.2.0"},{"introduced":"0"},{"last_affected":"6.2.1"},{"introduced":"0"},{"last_affected":"6.3.0"},{"introduced":"0"},{"last_affected":"6.4.0"}]}}],"versions":["grafts/lucene-oldest","grafts/lucene-solr-copy","grafts/lucene-solr-oldest-merged","history/branches/lucene-solr/lucene-6997","releases/lucene-solr/5.5.0","releases/lucene-solr/5.5.1","releases/lucene-solr/5.5.2","releases/lucene-solr/5.5.3","releases/lucene-solr/6.0.0","releases/lucene-solr/6.0.1","releases/lucene-solr/6.1.0","releases/lucene-solr/6.2.0","releases/lucene-solr/6.2.1","releases/lucene-solr/6.3.0","releases/lucene-solr/6.4.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3163.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}