Latest Version of Solr 8.11 bundles Apache Velocity 2.0 jar that has the following vulnerabilities:

Vulnerability Details

CVE-2020-13936

Vulnerability Published: 2021-03-10 03:15 EST
Vulnerability Updated: 2021-09-23 08:21 EDT
CVSS Score: 8.8 (overall), 8.8 (base)

Summary: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

Solution: N/A

Workaround: N/A

BDSA-2021-0710

Vulnerability Published: 2021-03-22 12:01 EDT
Vulnerability Updated: 2021-11-08 09:16 EST
CVSS Score: 7.9 (overall), 8.8 (base)

Summary: Apache Velocity is vulnerable to remote code execution (RCE) and arbitrary command execution due to how the SecureUberspector functionality does not sufficiently prevent access to dangerous classes and packages.

An attacker with the ability to modify Velocity templates could use this issue to execute arbitrary Java code or system commands with the privileges of the account running the Servlet container.

Solution: Fixed in 2.3-rc1 by this commit.

The latest stable releases are available here.

Workaround: N/A