{"id":"CVE-2021-33813","details":"An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.","aliases":["BIT-solr-2021-33813","GHSA-2363-cqg2-863c"],"modified":"2026-04-16T04:33:24.510487350Z","published":"2021-06-16T12:15:12.760Z","related":["SUSE-SU-2021:2293-1","SUSE-SU-2022:3547-1","SUSE-SU-2024:1871-1","SUSE-SU-2024:1874-1","openSUSE-SU-2021:1031-1","openSUSE-SU-2021:2293-1","openSUSE-SU-2024:10877-1","openSUSE-SU-2024:13180-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r89b3800cfabb1e773e49425e5d4239c28a659839a2eca6af3431482e%40%3Cissues.solr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r845e987b7cd8efe610284958e997b84583f5a98d3394adc09e3482fe%40%3Cissues.solr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AH46QHE5GIMT6BL6C3GDTOYF27JYILXM/"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r21c406c7ed88fe340db7dbae75e58355159e6c324037c7d5547bf40b%40%3Cissues.solr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r6db397ae7281ead825338200d1f62d2827585a70797cc9ac0c4bd23f%40%3Cissues.solr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r5674106135bb1a6ef57483f4c63a9c44bca85d0e2a8a05895a8f1d89%40%3Cissues.solr.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rfb7a93e40ebeb1e0068cde0bf3834dcab46bb1ef06d6424db48ed9fd%40%3Cdev.tika.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWFVYTHGILOQXUA7U3SPOERQXL7OPSZG/"},{"type":"ADVISORY","url":"https://github.com/hunterhacker/jdom/releases"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00026.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00012.html"},{"type":"FIX","url":"https://github.com/hunterhacker/jdom/pull/188"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"EVIDENCE","url":"https://alephsecurity.com/vulns/aleph-2021003"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/lucene-solr","events":[{"introduced":"0"},{"last_affected":"64f3b496bfee762a9d2dbff40700f457f4464dfe"},{"introduced":"0"},{"last_affected":"05c8a6f0163fe4c330e93775e8e91f3ab66a3f80"},{"introduced":"0"},{"last_affected":"dbe5ed0b2f17677ca6c904ebae919363f2d36a0a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.8.1"},{"introduced":"0"},{"last_affected":"8.9"},{"introduced":"0"},{"last_affected":"8.1"}]}},{"type":"GIT","repo":"https://github.com/apache/solr","events":[{"introduced":"0"},{"last_affected":"a4eb7aa123dc53f8dac74d80b66a490f2d6b4a26"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.0"}]}},{"type":"GIT","repo":"https://github.com/apache/tika","events":[{"introduced":"0"},{"last_affected":"0090ebac8e4ff4083a9c0c5d3dc55f545ad6f951"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.25"}]}}],"versions":["1.12","1.12-rc1","1.15-rc1","1.17","1.18-rc1","1.19.1","1.19.1-rc1","1.20","1.21","1.23","1.23-rc1","1.24.1","1.25","grafts/lucene-oldest","grafts/lucene-solr-copy","grafts/lucene-solr-oldest-merged","history/branches/lucene-solr/branch_7","history/branches/lucene-solr/lucene-6997","history/branches/lucene-solr/lucene/main","history/branches/lucene-solr/origin/branch_8_x","history/branches/lucene-solr/pointvalues","history/branches/lucene-solr/solr/main","releases/lucene-solr/8.1.0","releases/lucene-solr/8.8.0","releases/lucene-solr/8.8.1","releases/lucene-solr/8.9.0","releases/solr/9.0.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33813.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}