Apache Solr is vulnerable to directory traversal attacks. The vulnerability exists because a replication handler provided by Apache Solr supports an HTTP API which does not validate the user supplied file_name
parameter. Therefore, attackers can pull index files from a master/leader node using this flaw.