A vulnerability in the shards parameter of Apache Solr could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) on a targeted system.
The vulnerability exists because the shards parameter of the affected software does not have a corresponding whitelist mechanism. An attacker could exploit this vulnerability by causing Solr to perform arbitrary HTTP GET requests. A successful exploit could allow the attacker to bypass certain security restrictions and perform other unauthorized actions.
Apache has confirmed this vulnerability and released software updates.
Security Impact Rating: High
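The following added example (not part of the original advisory or of Apache Solr) shows one way to review request logs for shards values that point outside the set of known shard hosts. The log format, the hostnames and the allowlist are constructed assumptions; the parsing relies on shards being a comma-separated list of addresses in which `|` separates alternative replicas.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the (host, port) pairs that legitimately serve shards here.
ALLOWED_SHARD_HOSTS = {("solr1.internal.example", 8983),
                       ("solr2.internal.example", 8983)}

# Constructed sample access-log lines (not taken from a real system).
SAMPLE_LOG = """\
10.0.0.5 "GET /solr/core1/select?q=*:*&shards=solr1.internal.example:8983/solr/core1,solr2.internal.example:8983/solr/core1 HTTP/1.1" 200
203.0.113.9 "GET /solr/core1/select?q=*:*&shards=192.0.2.10:80/status HTTP/1.1" 200
203.0.113.9 "GET /solr/core1/select?q=*:*&shards=solr1.internal.example:8983/solr/core1|http%3A%2F%2Fother.example%2Fx HTTP/1.1" 200
10.0.0.5 "GET /solr/core1/select?q=title:shards HTTP/1.1" 200
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def shard_endpoints(request_target):
    """Yield (host, port) for every address in the request's shards parameter."""
    query = urlsplit(request_target).query
    for value in parse_qs(query).get("shards", []):  # parse_qs percent-decodes
        for addr in re.split(r"[,|]", value):
            addr = addr.strip()
            if not addr:
                continue
            # Addresses are usually scheme-less (host:port/path); prefix "//"
            # so urlsplit treats the first component as the network location.
            parts = urlsplit(addr if "://" in addr else "//" + addr)
            try:
                port = parts.port
            except ValueError:  # non-numeric or out-of-range port
                port = None
            yield (parts.hostname or "").lower(), port

def find_suspicious(log_text, allowed=ALLOWED_SHARD_HOSTS):
    """Return (line_number, host, port) for shard targets outside the allowlist."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if m:
            hits += [(n, h, p) for h, p in shard_endpoints(m.group(1))
                     if (h, p) not in allowed]
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print("shards target outside allowlist: line %d -> %s:%s" % hit)
```

Requests that carry shards in a POST body do not appear in the request line, so covering them requires body logging or a check at a reverse proxy.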