CyberSecurity updates
2025-01-30 17:22:27 Pacific

Apache Solr Vulnerabilities Allow Path Traversal - 3d

A critical relative path traversal vulnerability (CVE-2024-52012) in Apache Solr for Windows allows arbitrary file path write access via the "configset upload" API. Additionally, a medium severity vulnerability (CVE-2025-24814) allows users to replace trusted configset files with arbitrary configurations. These flaws require immediate patching to prevent attackers from writing or altering files on the system, so organizations need to prioritize patching their Apache Solr instances. The lack of input sanitization and insecure file handling expose significant security risks.

Apache Fixes Critical Vulnerabilities - 4d

Apache has released security updates to address multiple critical vulnerabilities, including a SQL Injection flaw, affecting MINA, HugeGraph-Server, and Traffic Control products. These vulnerabilities, if exploited, could allow attackers to compromise systems, highlighting the importance of immediate patching. Organizations using these Apache products should prioritize updating them to the latest versions to mitigate the risk of exploitation.

Critical Apache Vulnerabilities Expose Systems to Attacks - 3d

Multiple critical vulnerabilities have been discovered in Apache software products, including Apache HugeGraph-Server (CVE-2024-43441), Apache Traffic Control (CVE-2024-45387), and Apache MINA (CVE-2024-52046). CVE-2024-43441 allows authentication bypass in HugeGraph-Server, potentially leading to unauthorized access. CVE-2024-45387 in Traffic Control enables SQL injection attacks. CVE-2024-52046 in MINA allows remote code execution via deserialization flaws. Users are urged to apply security patches immediately, with MINA requiring additional configuration to restrict class deserialization.

Critical Apache Struts2 and Tomcat Flaws - 14d

Multiple critical vulnerabilities have been discovered in Apache Struts2 and Tomcat, including a path traversal vulnerability in Struts2 (CVE-2024-53677) that can lead to remote code execution, and two vulnerabilities in Apache Tomcat (CVE-2024-50379 and CVE-2024-54677) that can cause remote code execution and denial of service respectively. These vulnerabilities stem from issues like Time-of-check Time-of-use (TOCTOU) race conditions during JSP compilation in Tomcat and the ability to upload files into restricted directories in Struts2, allowing attackers to potentially compromise affected systems. Users are urged to apply the available patches immediately.

Apache Tomcat RCE vulnerability disclosed - 10d

A critical race condition vulnerability in the Apache Tomcat web server has been disclosed which can lead to remote code execution (RCE). The vulnerability, identified as CVE-2024-50379, stems from a Time-of-Check to Time-of-Use (TOCTOU) issue in JSP compilation. It allows an unauthenticated attacker to execute arbitrary code remotely, which could lead to a full system compromise. This vulnerability emphasizes the importance of promptly applying security patches to web servers, as they are popular targets for malicious actors.

Apache Superset Security Vulnerabilities Patched - 19d

Multiple vulnerabilities have been discovered and addressed in Apache Superset, an open-source data visualization platform. These include SQL injection vulnerabilities and improper authorization flaws, allowing attackers to bypass security restrictions and potentially access sensitive data. Updates are recommended to patch these vulnerabilities and protect against exploitation.